Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Reverting e170014 (Change behaviour with empty hash in where clause)

  • Loading branch information...
commit 29f3a036e7ab5199b8a793bfab6454802eaec1b3 1 parent b5645d0
@guilleiguaran guilleiguaran authored
5 activerecord/
@@ -1,10 +1,5 @@
## Rails 4.0.0 (unreleased) ##
-* Raise `ArgumentError` instead of generating invalid SQL when empty hash is
- used in where clause value.
- *Roberto Miranda*
* Quote numeric values being compared to non-numeric columns. Otherwise,
in some database, the string column values will be coerced to a numeric
allowing 0, 0.0 or false to match any string starting with a non-digit.
2  activerecord/lib/active_record/relation/predicate_builder.rb
@@ -8,7 +8,7 @@ def self.build_from_hash(klass, attributes, default_table)
if value.is_a?(Hash)
if value.empty?
- raise ArgumentError, "Condition value in SQL clause can't be an empty hash"
+ queries << '1 = 2'
table =, default_table.engine)
association = klass.reflect_on_association(column.to_sym)
8 activerecord/test/cases/relation/where_test.rb
@@ -92,9 +92,7 @@ def test_where_with_table_name
def test_where_with_table_name_and_empty_hash
- assert_raises(ArgumentError) do
- Post.where(:posts => {})
- end
+ assert_equal 0, Post.where(:posts => {}).count
def test_where_with_table_name_and_empty_array
@@ -102,9 +100,7 @@ def test_where_with_table_name_and_empty_array
def test_where_with_empty_hash_and_no_foreign_key
- assert_raises(ArgumentError) do
- Edge.where(:sink => {}).count
- end
+ assert_equal 0, Edge.where(:sink => {}).count
def test_where_with_blank_conditions

2 comments on commit 29f3a03


A empty query(using where) should just ignore the condition returning to normal query, intead of a exception or return 0 elements. Do not you think?

Post.where({}) is somethink like SELECT * FROM posts (WHERE NO CONDITIONS).

If a have a dynamic hash and the generator of this hash output a empty hash, that means I have no conditions.

I think this would be the best conversion.


Notice that this is related to a query like where(:attribute => {}), which is different from your example where({}). The former must return nothing since it might be vulnerable to injection. The latter is just ignored by the where method.

Please sign in to comment.
Something went wrong with that request. Please try again.