validates_uniqueness_of doesn't escape attributes
Reported by Alex MacCaw | April 19th, 2008 @ 09:39 AM
Let's say I have a table with a column called 'key' (which is a SQL keyword). If I try and validate_uniqueness_of :key, the SQL query fails, since the attribute 'key' isn't escaped:
SELECT key FROM `api_tickets` WHERE (LOWER(`api_tickets`.key) = 'asdsd')
Should be:
SELECT `api_tickets`.key FROM `api_tickets` WHERE (LOWER(`api_tickets`.key) = 'asdsd')
Patch is attached.
Comments and changes to this ticket
rick April 19th, 2008 @ 04:28 PM
It's not actually quoting the column name though, is it? It looks like it's only disambiguating the column name by adding the table name to it.
Alex MacCaw April 19th, 2008 @ 04:48 PM
That's right. I thought about escaping the column name, however I decided I'd follow the convention which seems to escape the table name, rather than the column name (and provides a ready method to do so).
Frederick Cheung April 19th, 2008 @ 07:54 PM
Surely you only need to escape the column name though (and could not escaping the column break things if it was called something like "foo from"?)
Alex MacCaw April 19th, 2008 @ 10:38 PM
I didn't know you could have spaces in column names - but if this is a problem then by all means just escape the column name.
Michael Koziarski April 23rd, 2008 @ 09:23 AM
Yeah, this looks good to go if you could switch it to use quote_column_name instead of the table name, and upload the two patches into a single patch file. For instructions on using git-format-patch see http://www.tpope.net/rails-git-b...
Nice find, and nice work.
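Added illustration, not the attached patch or Rails' own code: a minimal model of the uniqueness query before and after the change Koz asks for. The quote_column_name here is assumed to behave like a MySQL-style adapter (backticks, with embedded backticks doubled); the real adapters differ in their quote character.

```ruby
# quote_column_name as assumed for this illustration: wrap the identifier in
# backticks and double any backtick inside it, so the name can never close the
# quoting early. Adapters for other databases use double quotes instead.
def quote_column_name(name)
  "`#{name.to_s.gsub('`', '``')}`"
end

# Table names may be schema-qualified ("db.table"); quote each part separately.
def quote_table_name(name)
  name.to_s.split('.').map { |part| quote_column_name(part) }.join('.')
end

# Query shape before the fix: the bare column name is emitted in the SELECT
# list, so a column named after a SQL keyword ('key') breaks the statement,
# and a name such as 'foo from' would change the meaning of the SQL entirely.
# The value is left as a bind placeholder (?); only identifier quoting is shown.
def uniqueness_sql_unquoted(table, column)
  t = quote_table_name(table)
  "SELECT #{column} FROM #{t} WHERE (LOWER(#{t}.#{column}) = ?)"
end

# Query shape after the fix: both the table and the column go through the
# quoting helpers, so keywords, spaces and quote characters in identifiers
# are all handled uniformly.
def uniqueness_sql_quoted(table, column)
  t = quote_table_name(table)
  c = quote_column_name(column)
  "SELECT #{t}.#{c} FROM #{t} WHERE (LOWER(#{t}.#{c}) = ?)"
end

if __FILE__ == $0
  puts uniqueness_sql_unquoted('api_tickets', 'key')   # fails on MySQL: 'key' is a keyword
  puts uniqueness_sql_quoted('api_tickets', 'key')
  puts uniqueness_sql_quoted('api_tickets', 'foo from') # the case Frederick raises
end
```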
DHH May 1st, 2008 @ 05:36 AM
State changed from new to incomplete
Change status to open when koz's suggestions are implemented.
Alex MacCaw May 5th, 2008 @ 05:53 PM
I don't think uploading a file to a ticket makes it go back into the feed. I've added the changes koz suggested and re-uploaded the patch (in Git's format).
Michael Koziarski May 5th, 2008 @ 09:18 PM
State changed from incomplete to open
Repository May 11th, 2008 @ 07:30 PM
State changed from open to resolved
(from [4cc594bd708df1ec67b61833493198ab0009c627]) Fix validates_uniqueness_of for SQL keywords [#23 state:resolved]
Signed-off-by: Pratik Naik