use ActiveRecord quoting for table, column names

Luke Baker
1 parent f5dfa78b
Showing 1 changed file with 8 additions and 10 deletions Show diff stats
app/models/choice.rb
@@ -70,7 +70,11 @@ class Choice &lt; ActiveRecord::Base
  
   def compute_score!
     self.score = compute_score
-    Choice.connection.execute("UPDATE `choices` SET `score` = #{self.score}, `updated_at` = '#{Time.now.utc.to_s(:db)}' WHERE `id` = #{self.id}")
+    Choice.connection = conn
+    conn.execute("UPDATE #{conn.quote_table_name('choices')} SET
+      #{conn.quote_column_name('score')} = #{self.score},
+      #{conn.quote_column_name('updated_at')} = '#{Time.now.utc.to_s(:db)}' WHERE
+      #{conn.quote_column_name('id')} = #{self.id}")
   end
  
   def user_created
@@ -127,18 +131,12 @@ class Choice &lt; ActiveRecord::Base
     previous_choices.each do |l|
 	inserts.push("(NULL, #{self.question_id}, NULL, #{l.id}, '#{timestring}', '#{timestring}', NULL, 0, #{self.id}, NULL, NULL)")
     end
-    sql = "INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES #{inserts.join(', ')}"
+    conn = Prompts.connection
+    sql = "INSERT INTO #{conn.quote_table_name('prompts')} (#{conn.quote_column_name('algorithm_id')}, #{conn.quote_column_name('question_id')}, #{conn.quote_column_name('voter_id')}, #{conn.quote_column_name('left_choice_id')}, #{conn.quote_column_name('created_at')}, #{conn.quote_column_name('updated_at')}, #{conn.quote_column_name('tracking')}, #{conn.quote_column_name('votes_count')}, #{conn.quote_column_name('right_choice_id')}, #{conn.quote_column_name('active')}, #{conn.quote_column_name('randomkey')}) VALUES #{inserts.join(', ')}"
  
     Question.update_counters(self.question_id, :prompts_count => 2*previous_choices.size)
  
  
-    ActiveRecord::Base.connection.execute(sql)
-
-#VALUES (NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
-#    INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES(NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
-    #previous_choices.each { |c|
-    #  question.prompts.create!(:left_choice => c, :right_choice => self)
-    #  question.prompts.create!(:left_choice => self, :right_choice => c)
-    #}
+    conn.execute(sql)
   end
 end
...	...	@@ -70,7 +70,11 @@ class Choice < ActiveRecord::Base
70	70
71	71	def compute_score!
72	72	self.score = compute_score
73		- Choice.connection.execute("UPDATE `choices` SET `score` = #{self.score}, `updated_at` = '#{Time.now.utc.to_s(:db)}' WHERE `id` = #{self.id}")
	73	+ Choice.connection = conn
	74	+ conn.execute("UPDATE #{conn.quote_table_name('choices')} SET
	75	+ #{conn.quote_column_name('score')} = #{self.score},
	76	+ #{conn.quote_column_name('updated_at')} = '#{Time.now.utc.to_s(:db)}' WHERE
	77	+ #{conn.quote_column_name('id')} = #{self.id}")
74	78	end
75	79
76	80	def user_created
...	...	@@ -127,18 +131,12 @@ class Choice < ActiveRecord::Base
127	131	previous_choices.each do \|l\|
128	132	inserts.push("(NULL, #{self.question_id}, NULL, #{l.id}, '#{timestring}', '#{timestring}', NULL, 0, #{self.id}, NULL, NULL)")
129	133	end
130		- sql = "INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES #{inserts.join(', ')}"
	134	+ conn = Prompts.connection
	135	+ sql = "INSERT INTO #{conn.quote_table_name('prompts')} (#{conn.quote_column_name('algorithm_id')}, #{conn.quote_column_name('question_id')}, #{conn.quote_column_name('voter_id')}, #{conn.quote_column_name('left_choice_id')}, #{conn.quote_column_name('created_at')}, #{conn.quote_column_name('updated_at')}, #{conn.quote_column_name('tracking')}, #{conn.quote_column_name('votes_count')}, #{conn.quote_column_name('right_choice_id')}, #{conn.quote_column_name('active')}, #{conn.quote_column_name('randomkey')}) VALUES #{inserts.join(', ')}"
131	136
132	137	Question.update_counters(self.question_id, :prompts_count => 2*previous_choices.size)
133	138
134	139
135		- ActiveRecord::Base.connection.execute(sql)
136		-
137		-#VALUES (NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
138		-# INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES(NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
139		- #previous_choices.each { \|c\|
140		- # question.prompts.create!(:left_choice => c, :right_choice => self)
141		- # question.prompts.create!(:left_choice => self, :right_choice => c)
142		- #}
	140	+ conn.execute(sql)
143	141	end
144	142	end
...	...