Merge pull request rails#47247 from matthewd/quote-bound-value

matthewd · web-flow · commit f8e3bde899fc · 2023-02-04T20:31:19.000+10:30
Bring back quote_bound_value &amp; deprecate instead
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -47,10 +47,25 @@ def type_cast(value)
         end
       end
 
+      # Quote a value to be used as a bound parameter of unknown type. For example,
+      # MySQL might perform dangerous castings when comparing a string to a number,
+      # so this method will cast numbers to string.
+      #
+      # Deprecated: Consider `Arel.sql("... ? ...", value)` or
+      # +sanitize_sql+ instead.
+      def quote_bound_value(value)
+        ActiveRecord.deprecator.warn(<<~MSG.squish)
+          #quote_bound_value is deprecated and will be removed in Rails 7.2.
+          Consider Arel.sql(".. ? ..", value) or #sanitize_sql instead.
+        MSG
+
+        quote(cast_bound_value(value))
+      end
+
       # Cast a value to be used as a bound parameter of unknown type. For example,
       # MySQL might perform dangerous castings when comparing a string to a number,
       # so this method will cast numbers to string.
-      def cast_bound_value(value)
+      def cast_bound_value(value) # :nodoc:
         value
       end
 
diff --git a/activerecord/test/cases/adapters/mysql2/quoting_test.rb b/activerecord/test/cases/adapters/mysql2/quoting_test.rb
@@ -32,4 +32,34 @@ def test_cast_bound_true
   def test_cast_bound_false
     assert_equal "0", @conn.cast_bound_value(false)
   end
+
+  def test_quote_bound_integer
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(42) }
+    assert_equal "'42'", expected
+  end
+
+  def test_quote_bound_big_decimal
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(BigDecimal("4.2")) }
+    assert_equal "'4.2'", expected
+  end
+
+  def test_quote_bound_rational
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(Rational(3, 4)) }
+    assert_equal "'0.75'", expected
+  end
+
+  def test_quote_bound_duration
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(42.seconds) }
+    assert_equal "'42'", expected
+  end
+
+  def test_quote_bound_true
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(true) }
+    assert_equal "'1'", expected
+  end
+
+  def test_quote_bound_false
+    expected = assert_deprecated(ActiveRecord.deprecator) { @conn.quote_bound_value(false) }
+    assert_equal "'0'", expected
+  end
 end
