Permalink
Browse files

Reverting e170014 (Change behaviour with empty hash in where clause)

  • Loading branch information...
1 parent b5645d0 commit 29f3a036e7ab5199b8a793bfab6454802eaec1b3 @guilleiguaran guilleiguaran committed Feb 8, 2013
@@ -1,10 +1,5 @@
## Rails 4.0.0 (unreleased) ##
-* Raise `ArgumentError` instead of generating invalid SQL when empty hash is
- used in where clause value.
-
- *Roberto Miranda*
-
* Quote numeric values being compared to non-numeric columns. Otherwise,
in some database, the string column values will be coerced to a numeric
allowing 0, 0.0 or false to match any string starting with a non-digit.
@@ -8,7 +8,7 @@ def self.build_from_hash(klass, attributes, default_table)
if value.is_a?(Hash)
if value.empty?
- raise ArgumentError, "Condition value in SQL clause can't be an empty hash"
+ queries << '1 = 2'
else
table = Arel::Table.new(column, default_table.engine)
association = klass.reflect_on_association(column.to_sym)
@@ -92,19 +92,15 @@ def test_where_with_table_name
end
def test_where_with_table_name_and_empty_hash
- assert_raises(ArgumentError) do
- Post.where(:posts => {})
- end
+ assert_equal 0, Post.where(:posts => {}).count
end
def test_where_with_table_name_and_empty_array
assert_equal 0, Post.where(:id => []).count
end
def test_where_with_empty_hash_and_no_foreign_key
- assert_raises(ArgumentError) do
- Edge.where(:sink => {}).count
- end
+ assert_equal 0, Edge.where(:sink => {}).count
end
def test_where_with_blank_conditions

2 comments on commit 29f3a03

Contributor

sadjow replied Feb 9, 2013

A empty query(using where) should just ignore the condition returning to normal query, intead of a exception or return 0 elements. Do not you think?

Post.where({}) is somethink like SELECT * FROM posts (WHERE NO CONDITIONS).

If a have a dynamic hash and the generator of this hash output a empty hash, that means I have no conditions.

I think this would be the best conversion.

Notice that this is related to a query like where(:attribute => {}), which is different from your example where({}). The former must return nothing since it might be vulnerable to injection. The latter is just ignored by the where method.

Please sign in to comment.