diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index df012b91ca..10387d04ef 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Patch sql injection vulnerability when using integer or float columns. [Jamis Buck]
+
 * Allow #count through a has_many association to accept :include.  [Dan Peterson]
 
 * create_table rdoc: suggest :id => false for habtm join tables. [Zed Shaw]
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index 1c1b00252c..94d1d9c43f 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -11,7 +11,8 @@ def quote(value, column = nil)
           when String
             if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
               "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
-            elsif column && [:integer, :float].include?(column.type) 
+            elsif column && [:integer, :float].include?(column.type)
+              value = column.type == :integer ? value.to_i : value.to_f
               value.to_s
             else
               "'#{quote_string(value)}'" # ' (for ruby-mode)
diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb
index b07ec3eacd..a2652b04b6 100755
--- a/activerecord/test/base_test.rb
+++ b/activerecord/test/base_test.rb
@@ -961,6 +961,12 @@ def test_quote_keys
     assert_equal("<baz>", inverted["quux"])
   end
 
+  def test_sql_injection_via_find
+    assert_raises(ActiveRecord::RecordNotFound) do
+      Topic.find("123456 OR id > 0")
+    end
+  end
+
   def test_column_name_properly_quoted
     col_record = ColumnName.new
     col_record.references = 40