Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #14261 from MSch/bound-parameters-for-exists

Make exists? use bound values.
  • Loading branch information...
commit ef7e7ad7e9c11916865b7e3e9f0c754a4e6fc775 2 parents ccf8f27 + f317cc8
@tenderlove tenderlove authored
View
7 activerecord/lib/active_record/relation/finder_methods.rb
@@ -292,7 +292,12 @@ def exists?(conditions = :none)
when Array, Hash
relation = relation.where(conditions)
else
- relation = relation.where(table[primary_key].eq(conditions)) if conditions != :none
+ if conditions != :none
+ column = columns_hash[primary_key]
+ substitute = connection.substitute_at(column, bind_values.length)
+ relation = where(table[primary_key].eq(substitute))
+ relation.bind_values += [[column, conditions]]
+ end
end
connection.select_value(relation, "#{name} Exists", relation.bind_values) ? true : false
View
16 activerecord/test/cases/finder_test.rb
@@ -58,15 +58,27 @@ def test_exists
assert_equal false, Topic.exists?(45)
assert_equal false, Topic.exists?(Topic.new)
+ assert_raise(NoMethodError) { Topic.exists?([1,2]) }
+ end
+
+ def test_exists_fails_when_parameter_has_invalid_type
+ begin
+ assert_equal false, Topic.exists?(("9"*53).to_i) # number that's bigger than int
+ flunk if defined? ActiveRecord::ConnectionAdapters::PostgreSQLAdapter and Topic.connection.is_a? ActiveRecord::ConnectionAdapters::PostgreSQLAdapter # PostgreSQL does raise here
+ rescue ActiveRecord::StatementInvalid
+ # PostgreSQL complains that it can't coerce a numeric that's bigger than int into int
+ rescue Exception
+ flunk
+ end
+
begin
assert_equal false, Topic.exists?("foo")
+ flunk if defined? ActiveRecord::ConnectionAdapters::PostgreSQLAdapter and Topic.connection.is_a? ActiveRecord::ConnectionAdapters::PostgreSQLAdapter # PostgreSQL does raise here
rescue ActiveRecord::StatementInvalid
# PostgreSQL complains about string comparison with integer field
rescue Exception
flunk
end
-
- assert_raise(NoMethodError) { Topic.exists?([1,2]) }
end
def test_exists_does_not_select_columns_without_alias
Please sign in to comment.
Something went wrong with that request. Please try again.