From a53935dfa0538fba0ab805f1a2c4ca2c421ed5e1 Mon Sep 17 00:00:00 2001
From: Noemj <olli.rissanen@helsinki.fi>
Date: Wed, 30 Jan 2013 14:55:01 +0200
Subject: Changed update_record to use prepared statements.

---
 activerecord/lib/active_record/persistence.rb | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'activerecord/lib/active_record')

diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb
index 1b2aa9349e..0022cfcd46 100644
--- a/activerecord/lib/active_record/persistence.rb
+++ b/activerecord/lib/active_record/persistence.rb
@@ -418,13 +418,22 @@ module ActiveRecord
     # Returns the number of affected rows.
     def update_record(attribute_names = @attributes.keys)
       attributes_with_values = arel_attributes_with_values_for_update(attribute_names)
-
       if attributes_with_values.empty?
         0
       else
         klass = self.class
-        stmt = klass.unscoped.where(klass.arel_table[klass.primary_key].eq(id)).arel.compile_update(attributes_with_values)
-        klass.connection.update stmt
+        column_hash = klass.connection.schema_cache.columns_hash klass.table_name
+        db_columns_with_values = attributes_with_values.map { |attr,value|
+          real_column = column_hash[attr.name]
+          [real_column, value]
+        }
+        bind_attrs = attributes_with_values.dup
+        bind_attrs.keys.each_with_index do |column, i|
+          real_column = db_columns_with_values[i].first
+          bind_attrs[column] = klass.connection.substitute_at(real_column, i)
+        end
+        stmt = klass.unscoped.where(klass.arel_table[klass.primary_key].eq(id)).arel.compile_update(bind_attrs)
+        klass.connection.update stmt, 'SQL', db_columns_with_values
       end
     end
 
-- 
cgit v1.2.3