From 566a36966b43d4f76e6a4e6dfa0d12112cbe46b4 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Mon, 24 Jan 2005 13:06:12 +0000
Subject: Added that update_all calls sanitize_sql on its updates argument, so
 stuff like MyRecord.update_all(['time = ?', Time.now]) works #519 [notahat]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@489 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 activerecord/lib/active_record/base.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'activerecord/lib/active_record')

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 0309f03a5a..51ee251871 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -368,7 +368,7 @@ module ActiveRecord #:nodoc:
       # A subset of the records can be selected by specifying +conditions+. Example:
       #   Billing.update_all "category = 'authorized', approved = 1", "author = 'David'"
       def update_all(updates, conditions = nil)
-        sql  = "UPDATE #{table_name} SET #{updates} "
+        sql  = "UPDATE #{table_name} SET #{sanitize_sql(updates)} "
         add_conditions!(sql, conditions)
         return connection.update(sql, "#{name} Update")
       end
-- 
cgit v1.2.3