From 554597d65781638094ff8552cb65eb802517e8ce Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 8 Dec 2004 10:38:10 +0000 Subject: Added named bind-style variable interpolation #281 [Michael Koziarski] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@78 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- activerecord/test/finder_test.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'activerecord/test') diff --git a/activerecord/test/finder_test.rb b/activerecord/test/finder_test.rb index 721ad76d56..ff0ab56909 100755 --- a/activerecord/test/finder_test.rb +++ b/activerecord/test/finder_test.rb @@ -88,7 +88,28 @@ class FinderTest < Test::Unit::TestCase assert_nil Company.find_first(["name = ?", "37signals!"]) assert_nil Company.find_first(["name = ?", "37signals!' OR 1=1"]) assert_kind_of Time, Topic.find_first(["id = ?", 1]).written_on + assert_raises(ActiveRecord::PreparedStatementInvalid) { + Company.find_first(["id=? AND name = ?", 2]) + } + assert_raises(ActiveRecord::PreparedStatementInvalid) { + Company.find_first(["id=?", 2, 3, 4]) + } + end + + def test_named_bind_variables + assert_kind_of Firm, Company.find_first(["name = :name", { :name => "37signals" }]) + assert_nil Company.find_first(["name = :name", { :name => "37signals!" }]) + assert_nil Company.find_first(["name = :name", { :name => "37signals!' OR 1=1" }]) + assert_kind_of Time, Topic.find_first(["id = :id", { :id => 1 }]).written_on + assert_raises(ActiveRecord::PreparedStatementInvalid) { + Company.find_first(["id=:id and name=:name", { :id=>3 }]) + } + assert_raises(ActiveRecord::PreparedStatementInvalid) { + Company.find_first(["id=:id", { :id=>3, :name=>"37signals!" }]) + } end + + def test_string_sanitation assert_not_equal "'something ' 1=1'", ActiveRecord::Base.sanitize("something ' 1=1") -- cgit v1.2.3
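Review bot: `test_named_bind_variables` never binds a value that itself contains placeholder syntax, so nothing in the new tests pins that a bound string holding `:id` or `?` is quoted as data rather than scanned again for placeholders. The `"37signals!' OR 1=1"` case covers quote escaping only. The interpolation code is not part of this hunk, so whether it substitutes in a single pass cannot be confirmed from here. A case such as `assert_nil Company.find_first(["name = :name", { :name => "37signals :id" }])` (constructed value) would lock that in, with a `?`-bearing value added to the positional test, whose method starts above the hunk. A SQL string literal that contains a colon, such as a time value, is also untested and may be mistaken for a named placeholder.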