This project is archived and is in readonly mode.

#2158 ✓resolved
Will Bryant

:having conditions need sanitizing

Reported by Will Bryant | March 6th, 2009 @ 10:16 PM | in 2.x

The recently-introduced :having support isn't sanitizing the conditions, so whereas:

:having => 'sum(credit_limit) > 50'

works,

:having => ['sum(credit_limit) > ?', 50]

This is a bit of a hole since HAVING is almost always used with values, which will as often as not come in dynamically. The attached patch sanitizes them as for :conditions.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Referenced by

Pages