Hi all!
Recently I discovered that AR tries to treat question marks inside SQL
string literals as parameters. However, this behaviour shows in very rare
cases, for example (very odd, but...):

User.where(
  "NOT EXISTS (#{ Comment.where('user_id = users.id AND body ILIKE ?', '%?').to_sql }) " \
  "AND created_at > ?",
  Date.yesterday
).to_sql

It will fail, because the inner SQL will contain a qmark inside a literal,
which AR will count as a query parameter
(https://github.com/rails/rails/blob/master/activerecord/lib/active_record/sanitization.rb#L129),
but there is only one argument.
However, this will work (because AR skips parameter binding when no
arguments are given):

User.where(
  "NOT EXISTS (#{ Comment.where('user_id = users.id AND body ILIKE ?', '%?').to_sql })"
).to_sql

So is it a minor bug or correct behaviour?
P.S. Unlike AR, database drivers don't try to bind qmarks inside of string
literals.
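The behaviour described in this message, as a simplified model added here as an example; it is not part of the original post and not Active Record's source. All method and constant names are hypothetical, the SQL is a constructed sample, and the literal-aware version assumes standard single-quoted literals with `''` escaping only (no backslash escapes, dollar quoting or comments).

```ruby
# Simplified model of "?" binding, written for illustration; not Active Record source.
class BindCountError < ArgumentError; end

# Hypothetical stand-in for adapter quoting: numbers as-is, everything else
# as a single-quoted literal with embedded quotes doubled.
def quote_value(value)
  value.is_a?(Numeric) ? value.to_s : "'#{value.to_s.gsub("'", "''")}'"
end

def check_count!(expected, values)
  return if expected == values.size
  raise BindCountError, "wrong number of bind variables (#{values.size} for #{expected})"
end

# Naive binder: every "?" counts as a placeholder, even inside a string literal.
def bind_naive(sql, values)
  return sql if values.empty? # no arguments given: binding is skipped entirely
  check_count!(sql.count("?"), values)
  queue = values.dup
  sql.gsub("?") { quote_value(queue.shift) }
end

# A single-quoted SQL literal ('' is an escaped quote) or a bare "?".
LITERAL_OR_QMARK = /'(?:[^']|'')*'|\?/

# Literal-aware binder: literals are copied through, only bare "?" is bound.
def bind_literal_aware(sql, values)
  return sql if values.empty?
  check_count!(sql.scan(LITERAL_OR_QMARK).count("?"), values)
  queue = values.dup
  sql.gsub(LITERAL_OR_QMARK) { |token| token == "?" ? quote_value(queue.shift) : token }
end

# Constructed sample: the inner query after its own binding, as in the post.
INNER_SQL = %q{SELECT "comments".* FROM "comments" WHERE (user_id = users.id AND body ILIKE '%?')}
OUTER_SQL = "NOT EXISTS (#{INNER_SQL}) AND created_at > ?"

if __FILE__ == $PROGRAM_NAME
  begin
    bind_naive(OUTER_SQL, ["2013-01-01"])
  rescue BindCountError => e
    puts "naive:         #{e.message}"
  end
  puts "literal-aware: #{bind_literal_aware(OUTER_SQL, ['2013-01-01'])}"
end
```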