Added that update_all calls sanitize_sql on its updates argument, so stuff like MyRecord.update_all(['time = ?', Time.now]) works #519 [notahat]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@489 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2005-01-24 13:06:12 +00:00 · 2005-01-24 13:06:12 +00:00 · 566a36966b
commit 566a36966b
parent 93ec130377
3 changed files with 6 additions and 1 deletions
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@ -1,5 +1,7 @@
 *SVN*

+* Added that update_all calls sanitize_sql on its updates argument, so stuff like MyRecord.update_all(['time = ?', Time.now]) works #519 [notahat]
+
 * Fixed that the dynamic finders didn't treat nil as a "IS NULL" but rather "= NULL" case #515 [Demetrius]

 * Added bind-named arrays for interpolating a group of ids or strings in conditions #528 [bitsweat]
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@ -368,7 +368,7 @@ def destroy(id)
      # A subset of the records can be selected by specifying +conditions+. Example:
      #   Billing.update_all "category = 'authorized', approved = 1", "author = 'David'"
      def update_all(updates, conditions = nil)
-        sql  = "UPDATE #{table_name} SET #{updates} "
+        sql  = "UPDATE #{table_name} SET #{sanitize_sql(updates)} "
        add_conditions!(sql, conditions)
        return connection.update(sql, "#{name} Update")
      end
--- a/activerecord/test/base_test.rb
+++ b/activerecord/test/base_test.rb
@ -287,6 +287,9 @@ def test_update_all
    assert_equal 2, Topic.update_all("content = 'bulk updated!'")
    assert_equal "bulk updated!", Topic.find(1).content
    assert_equal "bulk updated!", Topic.find(2).content
+    assert_equal 2, Topic.update_all(['content = ?', 'bulk updated again!']);
+    assert_equal "bulk updated again!", Topic.find(1).content
+    assert_equal "bulk updated again!", Topic.find(2).content
  end

  def test_delete_all