This project is archived and is in readonly mode.
validates_uniqueness_of doesn't escape attributes
Reported by Alex MacCaw | April 19th, 2008 @ 09:39 AM
Let's say I have a table with a column called 'key' (which is a SQL keyword). If I try to use validates_uniqueness_of :key, the SQL query fails, since the attribute 'key' isn't escaped:
SELECT key FROM `api_tickets` WHERE (LOWER(`api_tickets`.key) = 'asdsd')
Should be:
SELECT `api_tickets`.key FROM `api_tickets` WHERE (LOWER(`api_tickets`.key) = 'asdsd')
Patch is attached.
Comments and changes to this ticket
-
Alex MacCaw April 19th, 2008 @ 09:40 AM
- no changes were found...
-
Rick April 19th, 2008 @ 04:28 PM
It's not actually quoting the column name though, is it? It looks like it's only disambiguating the column name by adding the table name to it.
-
Alex MacCaw April 19th, 2008 @ 04:48 PM
That's right. I thought about escaping the column name; however, I decided I'd follow the convention, which seems to escape the table name rather than the column name (and provides a ready method to do so).
-
Frederick Cheung April 19th, 2008 @ 07:54 PM
Surely you only need to escape the column name though (and could not escaping the column break things if it was called something like "foo from"?)
-
Alex MacCaw April 19th, 2008 @ 10:38 PM
I didn't know you could have spaces in column names - but if this is a problem then by all means just escape the column name.
-
Michael Koziarski April 23rd, 2008 @ 09:23 AM
Yeah, this looks good to go if you could switch it to use quote_column_name instead of the table name, and upload the two patches into a single patch file. For instructions on using git-format-patch see http://www.tpope.net/rails-git-b...
Nice find, and nice work.
-
DHH May 1st, 2008 @ 05:36 AM
- State changed from new to incomplete
Change status to open when koz's suggestions are implemented.
-
Alex MacCaw May 4th, 2008 @ 12:30 PM
- no changes were found...
-
Alex MacCaw May 5th, 2008 @ 05:53 PM
I don't think uploading a file to a ticket makes it go back into the feed. I've added the changes koz suggested and re-uploaded the patch (in Git's format).
-
Michael Koziarski May 5th, 2008 @ 09:18 PM
- State changed from incomplete to open
-
Repository May 11th, 2008 @ 07:30 PM
- State changed from open to resolved
(from [4cc594bd708df1ec67b61833493198ab0009c627]) Fix validates_uniqueness_of for SQL keywords [#23 state:resolved]
Signed-off-by: Pratik Naik
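The three query forms discussed in this ticket (bare column, table-qualified column, quoted column), as an added Ruby example that is not part of the ticket or of the Rails patch. The helper names, the short reserved-word sample and the simplified acceptance check are assumptions made for illustration; the check models MySQL's rule that a reserved word may follow a "table." qualifier unquoted, which is why the first patch fixed 'key' but would not cover a name like "foo from".

```ruby
# Added illustration: helper names and the keyword list are assumptions, not Rails code.
RESERVED = %w[key from select where order group table index].freeze # constructed sample only
SIMPLE   = /\A[A-Za-z_][A-Za-z0-9_]*\z/

# MySQL-style identifier quoting: wrap in backticks, double any embedded backtick.
def quote_identifier(name)
  "`#{name.to_s.gsub('`', '``')}`"
end

# Render a column reference in one of the three forms discussed in the ticket.
def column_ref(table, column, style)
  case style
  when :bare      then column.to_s
  when :qualified then "#{quote_identifier(table)}.#{column}"
  when :quoted    then "#{quote_identifier(table)}.#{quote_identifier(column)}"
  else raise ArgumentError, "unknown style: #{style.inspect}"
  end
end

# Uniqueness-check SELECT. The reported query used a bare column in the select list
# but a table-qualified one in the WHERE clause; the value stays a bind placeholder.
def uniqueness_sql(table, column, style)
  where_style = style == :bare ? :qualified : style
  "SELECT #{column_ref(table, column, style)} FROM #{quote_identifier(table)} " \
    "WHERE (LOWER(#{column_ref(table, column, where_style)}) = ?)"
end

# Simplified model of whether MySQL would accept the column reference.
def parses?(column, style)
  name = column.to_s
  case style
  when :bare      then name.match?(SIMPLE) && !RESERVED.include?(name.downcase)
  when :qualified then name.match?(SIMPLE) # a reserved word is allowed after "table."
  when :quoted    then true
  else raise ArgumentError, "unknown style: #{style.inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  ['key', 'foo from'].each do |col|
    %i[bare qualified quoted].each do |style|
      verdict = parses?(col, style) ? 'ok' : 'FAIL'
      puts format('%-9s %-4s %s', style, verdict, uniqueness_sql('api_tickets', col, style))
    end
  end
end
```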
Referenced by
- 580 validates_uniqueness_of does not escape column names http://rails.lighthouseapp.com/p...