Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Mysql2 prepared statements bind substitution fix #161

Merged
merged 2 commits into from

2 participants

@olliwer

The placeholders have to be replaced with the actual values when creating the SQL.

@tenderlove tenderlove merged commit 80f11e3 into rails:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
View
10 lib/arel/visitors/bind_visitor.rb
@@ -12,6 +12,15 @@ def accept node, &block
end
private
+
+ def visit_Arel_Nodes_Assignment o
+ if o.right.is_a? Arel::Nodes::BindParam
+ "#{visit o.left} = #{visit o.right}"
+ else
+ super
+ end
+ end
+
def visit_Arel_Nodes_BindParam o
if @block
@block.call
@@ -19,6 +28,7 @@ def visit_Arel_Nodes_BindParam o
super
end
end
+
end
end
end
View
21 test/visitors/test_bind_visitor.rb
@@ -1,9 +1,28 @@
require 'helper'
require 'arel/visitors/bind_visitor'
+require 'support/fake_record'
module Arel
module Visitors
- class TestBindVisitor < MiniTest::Unit::TestCase
+ class TestBindVisitor < MiniTest::Unit::TestCase
+
+ ##
+ # Tests visit_Arel_Nodes_Assignment correctly
+ # substitutes binds with values from block
+ def test_assignment_binds_are_substituted
+ table = Table.new(:users)
+ um = Arel::UpdateManager.new Table.engine
+ bp = Nodes::BindParam.new '?'
+ um.set [[table[:name], bp]]
+ visitor = Class.new(Arel::Visitors::ToSql) {
+ include Arel::Visitors::BindVisitor
+ }.new Table.engine.connection
+
+ assignment = um.ast.values[0]
+ actual = visitor.accept(assignment) { "replace" }
+ actual.must_be_like "\"name\" = replace"
+ end
+
def test_visitor_yields_on_binds
visitor = Class.new(Arel::Visitors::Visitor) {
def initialize omg
Something went wrong with that request. Please try again.