#2554 ✓stale
ActiveRecord::Base#sanitize_sql_hash_for_conditions & #sanitize_sql_hash_for_assignment should pass column to #quote_bound_value

Reported by Erik Bryn | April 24th, 2009 @ 03:02 AM | in 3.x

Attached is a patch that tweaks ActiveRecord::Base#sanitize_sql_hash_for_conditions and ActiveRecord::Base#sanitize_sql_hash_for_assignment to pass the column object for attributes, so adapters can better handle quoting their values.

For example, the SQL Server ActiveRecord adapter needs to prefix N to Unicode literals.

It's passing all MySQL tests.

Comments and changes to this ticket

  • Ken Collins

    Ken Collins May 12th, 2009 @ 02:52 PM

    I just tried this patch on current master and it does pass all the tests in all three DBs. Can there be tests added for this? It might get acceptance quicker if it did? For instance, test the postgresql quoting for, say, the bit hexadecimal type?

            elsif value.kind_of?(String) && column && column.sql_type =~ /^bit/
              case value
                when /^[01]*$/
                  "B'#{value}'" # Bit-string notation
                when /^[0-9A-F]*$/i
                  "X'#{value}'" # Hexadecimal notation

    If there is no matching schema in the postgresql_specific_schema.rb file, I'm sure one can be added. What do you think?

  • Bruce Burdick

    Bruce Burdick September 26th, 2009 @ 11:55 PM

    This is a really bad design that will result in data corruption every time it is passed a string representing a hexadecimal number that is strictly composed of zeros and ones. It is not possible to determine whether such a string represents a binary or hexadecimal number by scanning its contents. Ruby itself imposes prefix tags to make this distinction: e.g. 0b1010 vs. 0x1010. No ActiveRecord DB driver should pretend to infer the base of an untagged string of ones and zeros.

    The solution must either:
    * avoid using bitstring column types altogether (not preferred)
    * pick either binary or hexadecimal, reject the other, and fix the driver code
    * reject untagged strings and fix the driver code

  • Bruce Burdick

    Bruce Burdick September 27th, 2009 @ 12:13 AM

    To be clear: I'm referring to the code block posted by Ken Collins, not to Erik Bryn's diff (which I have not read).
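
The ambiguity raised in the two comments above, shown as an added Ruby example that is not part of the original ticket or of Rails. `quote_bit_guess` reproduces the heuristic from the quoted excerpt; `stored_bits`, `quote_bit_tagged` and the sample value are hypothetical names constructed for illustration.

```ruby
# Added example. quote_bit_guess mirrors the excerpt quoted in the ticket;
# stored_bits and quote_bit_tagged are hypothetical helpers, not Rails APIs.

# Heuristic from the excerpt: the notation is inferred from the characters alone.
def quote_bit_guess(value)
  case value
  when /^[01]*$/      then "B'#{value}'" # Bit-string notation
  when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
  end
end

# Expand a B'..' / X'..' literal into the bits a bit-string column receives:
# one bit per B digit, four bits per X digit.
def stored_bits(literal)
  case literal
  when /\AB'([01]*)'\z/ then $1
  when /\AX'(\h*)'\z/
    $1.each_char.map { |d| d.hex.to_s(2).rjust(4, "0") }.join
  else raise ArgumentError, "not a bit-string literal: #{literal.inspect}"
  end
end

# One reading of "reject untagged strings": the caller states the base with
# Ruby's own 0b / 0x prefixes and anything else is refused. \A and \z anchor
# the whole string, so only the validated digits reach the literal.
def quote_bit_tagged(value)
  case value
  when /\A0b([01]+)\z/i     then "B'#{$1}'"
  when /\A0x([0-9A-F]+)\z/i then "X'#{$1}'"
  else raise ArgumentError, "untagged or malformed bit string: #{value.inspect}"
  end
end

# Constructed sample: the caller means the hexadecimal digits 1010 (16 bits).
HEX_INPUT = "1010"

if __FILE__ == $0
  puts quote_bit_guess(HEX_INPUT)                 # guessed as binary
  puts stored_bits(quote_bit_guess(HEX_INPUT))    # 4 bits reach the column
  puts stored_bits(quote_bit_tagged("0x1010"))    # 16 bits, as the caller meant
  puts quote_bit_guess("1012")                    # same caller, now hex notation
end
```

With the guessing version, whether a hexadecimal value is stored at the intended width depends on whether it happens to contain a digit other than 0 or 1.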

  • Ken Collins

    Ken Collins October 2nd, 2009 @ 04:07 PM

    Man this is old and I have no idea what I was even talking about. I'll just bow out now :)

  • Jeremy Kemper

    Jeremy Kemper May 4th, 2010 @ 06:48 PM

    • Milestone changed from 2.x to 3.x
  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 05:02 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 05:02 PM

    • State changed from “open” to “stale”
