activerecord 1.1.0 → 1.2.0

data/lib/active_record/acts/tree.rb

@@ -0,0 +1,44 @@
+module ActiveRecord
+  module Acts #:nodoc:
+    module Tree #:nodoc:
+      def self.append_features(base)
+        super        
+        base.extend(ClassMethods)              
+      end  
+
+      # Specify this act if you want to model a tree structure by providing a parent association and an children 
+      # association. This act assumes that requires that you have a foreign key column, which by default is called parent_id.
+      # 
+      #   class Category < ActiveRecord::Base
+      #     acts_as_tree :order => "name"
+      #   end
+      #   
+      #   Example : 
+      #   root
+      #    \_ child1 
+      #         \_ sub-child1
+      #
+      #   root      = Category.create("name" => "root")
+      #   child1      = root.children.create("name" => "child1")
+      #   subchild1   = child1.children.create("name" => "subchild1")
+      #
+      #   root.parent # => nil
+      #   child1.parent # => root
+      #   root.children # => [child1]
+      #   root.children.first.children.first # => subchild1
+      module ClassMethods
+        # Configuration options are:
+        #
+        # * <tt>foreign_key</tt> - specifies the column name to use for track of the tree (default: parent_id)
+        # * <tt>order</tt> - makes it possible to sort the children according to this SQL snippet.
+        def acts_as_tree(options = {})
+          configuration = { :foreign_key => "parent_id", :order => nil }
+          configuration.update(options) if options.is_a?(Hash)
+          
+          belongs_to :parent, :class_name => name, :foreign_key => configuration[:foreign_key]
+          has_many :children, :class_name => name, :foreign_key => configuration[:foreign_key], :order => configuration[:order], :dependent => true
+        end
+      end
+    end
+  end
+end

data/lib/active_record/associations.rb

@@ -3,6 +3,10 @@ require 'active_record/associations/has_many_association'
 require 'active_record/associations/has_and_belongs_to_many_association'
 require 'active_record/deprecated_associations'
 
+unless Object.respond_to?(:require_association)
+  Object.send(:define_method, :require_association) { |file_name| ActiveRecord::Base.require_association(file_name) }
+end
+
 module ActiveRecord
   module Associations # :nodoc:
     def self.append_features(base)
@@ -166,6 +170,8 @@ module ActiveRecord
       #   May not be set if :dependent is also set.
       # * <tt>:finder_sql</tt>  - specify a complete SQL statement to fetch the association. This is a good way to go for complex
       #   associations that depends on multiple tables. Note: When this option is used, +find_in_collection+ is _not_ added.
+      # * <tt>:counter_sql</tt>  - specify a complete SQL statement to fetch the size of the association. If +:finder_sql+ is
+      #   specified but +:counter_sql+, +:counter_sql+ will be generated by replacing SELECT ... FROM with SELECT COUNT(*) FROM.
       #
       # Option examples:
       #   has_many :comments, :order => "posted_on"
@@ -177,16 +183,18 @@ module ActiveRecord
       #       'WHERE ps.post_id = #{id} AND ps.person_id = p.id ' +
       #       'ORDER BY p.first_name'
       def has_many(association_id, options = {})
-        validate_options([ :foreign_key, :class_name, :exclusively_dependent, :dependent, :conditions, :order, :finder_sql ], options.keys)
+        validate_options([ :foreign_key, :class_name, :exclusively_dependent, :dependent, :conditions, :order, :finder_sql, :counter_sql ], options.keys)
         association_name, association_class_name, association_class_primary_key_name =
               associate_identification(association_id, options[:class_name], options[:foreign_key])
  
+        require_association_class(association_class_name)
+
         if options[:dependent] and options[:exclusively_dependent]
-          raise ArgumentError, ':dependent and :exclusively_dependent are mutually exclusive options.  You may specify one or the other.'
+          raise ArgumentError, ':dependent and :exclusively_dependent are mutually exclusive options.  You may specify one or the other.' # ' ruby-mode
         elsif options[:dependent]
           module_eval "before_destroy '#{association_name}.each { |o| o.destroy }'"
         elsif options[:exclusively_dependent]
-          module_eval "before_destroy { |record| #{association_class_name}.delete_all(%(#{association_class_primary_key_name} = '\#{record.id}')) }"
+          module_eval "before_destroy { |record| #{association_class_name}.delete_all(%(#{association_class_primary_key_name} = \#{record.quoted_id})) }"
         end
 
         define_method(association_name) do |*params|
@@ -260,6 +268,8 @@ module ActiveRecord
         association_name, association_class_name, class_primary_key_name =
             associate_identification(association_id, options[:class_name], options[:foreign_key], false)
 
+        require_association_class(association_class_name)
+
         has_one_writer_method(association_name, association_class_name, class_primary_key_name)
         build_method("build_", association_name, association_class_name, class_primary_key_name)
         create_method("create_", association_name, association_class_name, class_primary_key_name)
@@ -310,12 +320,14 @@ module ActiveRecord
           association_name, association_class_name, class_primary_key_name =
               associate_identification(association_id, options[:class_name], options[:foreign_key], false)
 
+          require_association_class(association_class_name)
+
           association_class_primary_key_name = options[:foreign_key] || Inflector.underscore(Inflector.demodulize(association_class_name)) + "_id"
 
           if options[:remote]
             association_finder = <<-"end_eval"
               #{association_class_name}.find_first(
-                "#{class_primary_key_name} = '\#{id}'#{options[:conditions] ? " AND " + options[:conditions] : ""}",
+                "#{class_primary_key_name} = \#{quoted_id}#{options[:conditions] ? " AND " + options[:conditions] : ""}",
                 #{options[:order] ? "\"" + options[:order] + "\"" : "nil" }
               )
             end_eval
@@ -411,9 +423,10 @@ module ActiveRecord
         association_name, association_class_name, association_class_primary_key_name =
               associate_identification(association_id, options[:class_name], options[:foreign_key])
 
-        join_table  = options[:join_table] || 
+        require_association_class(association_class_name)
+
+        join_table = options[:join_table] || 
           join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(association_class_name))
- 
         
         define_method(association_name) do |*params|
           force_reload = params.first unless params.empty?
@@ -428,7 +441,7 @@ module ActiveRecord
           association
         end
 
-        before_destroy_sql = "DELETE FROM #{join_table} WHERE #{association_class_primary_key_name} = '\\\#{self.id}'"
+        before_destroy_sql = "DELETE FROM #{join_table} WHERE #{association_class_primary_key_name} = \\\#{self.quoted_id}"
         module_eval(%{before_destroy "self.connection.delete(%{#{before_destroy_sql}})"}) # "
         
         # deprecated api
@@ -438,6 +451,20 @@ module ActiveRecord
         deprecated_has_collection_method(association_name)
       end
 
+      # Loads the <tt>file_name</tt> if reload_associations is true or requires if it's false.
+      def require_association(file_name)
+        if !associations_loaded.include?(file_name)
+          associations_loaded << file_name
+          reload_associations ? silence_warnings { load("#{file_name}.rb") } : require(file_name)
+        end
+      end
+
+      # Resets the list of dependencies loaded (typically to be called by the end of a request), so when require_association is
+      # called for that dependency it'll be loaded anew.
+      def reset_associations_loaded
+        self.associations_loaded = []
+      end
+
       private
         # Raises an exception if an invalid option has been specified to prevent misspellings from slipping through 
         def validate_options(valid_option_keys, supplied_option_keys)
@@ -552,6 +579,16 @@ module ActiveRecord
             end
           end_eval
         end
+
+        def require_association_class(class_name)
+          return unless class_name
+          
+          begin
+            require_association(Inflector.underscore(class_name))
+          rescue LoadError
+            # Failed to load the associated class -- let's hope the developer is doing the requiring himself.
+          end
+        end
     end
   end
-end
+end

data/lib/active_record/associations/association_collection.rb

@@ -37,11 +37,14 @@ module ActiveRecord
       # Add +records+ to this association.  Returns +self+ so method calls may be chained.  
       # Since << flattens its argument list and inserts each record, +push+ and +concat+ behave identically.
       def <<(*records)
-        flatten_deeper(records).each do |record|
-          raise_on_type_mismatch(record)
-          insert_record(record)
-          @collection << record if loaded?
+        @owner.transaction do
+          flatten_deeper(records).each do |record|
+            raise_on_type_mismatch(record)
+            insert_record(record)
+            @collection << record if loaded?
+          end
         end
+
         self
       end
 
@@ -51,13 +54,19 @@ module ActiveRecord
       # Remove +records+ from this association.  Does not destroy +records+.
       def delete(*records)
         records = flatten_deeper(records)
-        records.each { |record| raise_on_type_mismatch(record) }
-        delete_records(records)
-        records.each { |record| @collection.delete(record) } if loaded?
+        
+        @owner.transaction do
+          records.each { |record| raise_on_type_mismatch(record) }
+          delete_records(records)
+          records.each { |record| @collection.delete(record) } if loaded?
+        end
       end
       
       def destroy_all
-        each { |record| record.destroy }
+        @owner.transaction do
+          each { |record| record.destroy }
+        end
+
         @collection = []
       end
       
@@ -81,7 +90,7 @@ module ActiveRecord
         end
 
         def quoted_record_ids(records)
-          records.map { |record| "'#{@association_class.send(:sanitize, record.id)}'" }.join(',')
+          records.map { |record| record.quoted_id }.join(',')
         end
 
         def interpolate_sql_options!(options, *keys)

data/lib/active_record/associations/has_and_belongs_to_many_association.rb

@@ -3,17 +3,17 @@ module ActiveRecord
     class HasAndBelongsToManyAssociation < AssociationCollection #:nodoc:
       def initialize(owner, association_name, association_class_name, association_class_primary_key_name, join_table, options)
         super(owner, association_name, association_class_name, association_class_primary_key_name, options)
-            
-        @association_foreign_key = options[:association_foreign_key] || Inflector.underscore(Inflector.demodulize(association_class_name.downcase)) + "_id"
+
+        @association_foreign_key = options[:association_foreign_key] || Inflector.underscore(Inflector.demodulize(association_class_name)) + "_id"
         association_table_name = options[:table_name] || @association_class.table_name(association_class_name)
         @join_table = join_table
-        @order = options[:order] || "t.#{@owner.class.primary_key}"
+        @order = options[:order] || "t.#{@association_class.primary_key}"
 
         interpolate_sql_options!(options, :finder_sql, :delete_sql)
         @finder_sql = options[:finder_sql] ||
               "SELECT t.*, j.* FROM #{association_table_name} t, #{@join_table} j " +
-              "WHERE t.#{@owner.class.primary_key} = j.#{@association_foreign_key} AND " +
-              "j.#{association_class_primary_key_name} = '#{@owner.id}' " +
+              "WHERE t.#{@association_class.primary_key} = j.#{@association_foreign_key} AND " +
+              "j.#{association_class_primary_key_name} = #{@owner.quoted_id} " +
               (options[:conditions] ? " AND " + options[:conditions] : "") + " " +
               "ORDER BY #{@order}"
       end
@@ -26,11 +26,11 @@ module ActiveRecord
           each { |record| @owner.connection.execute(sql) }
         elsif @options[:conditions] 
           sql = 
-            "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}' " +
+            "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id} " +
             "AND #{@association_foreign_key} IN (#{collect { |record| record.id }.join(", ")})"
           @owner.connection.execute(sql)
         else
-          sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}'"
+          sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id}"
           @owner.connection.execute(sql)
         end
 
@@ -46,7 +46,7 @@ module ActiveRecord
           if loaded?
             find_all { |record| record.id == association_id.to_i }.first
           else
-            find_all_records(@finder_sql.sub(/ORDER BY/, "AND j.#{@association_foreign_key} = '#{association_id}' ORDER BY")).first
+            find_all_records(@finder_sql.sub(/ORDER BY/, "AND j.#{@association_foreign_key} = #{@owner.send(:quote, association_id)} ORDER BY")).first
           end
         end
       end
@@ -80,28 +80,29 @@ module ActiveRecord
           if @options[:insert_sql]
             @owner.connection.execute(interpolate_sql(@options[:insert_sql], record))
           else
-            sql = "INSERT INTO #{@join_table} (#{@association_class_primary_key_name}, #{@association_foreign_key}) VALUES ('#{@owner.id}','#{record.id}')"
+            sql = "INSERT INTO #{@join_table} (#{@association_class_primary_key_name}, #{@association_foreign_key}) " + 
+                  "VALUES (#{@owner.quoted_id},#{record.quoted_id})"
             @owner.connection.execute(sql)
           end
         end
         
         def insert_record_with_join_attributes(record, join_attributes)
-          attributes = { @association_class_primary_key_name => @owner.id, @association_foreign_key => record.id }.update(join_attributes)          
+          attributes = { @association_class_primary_key_name => @owner.id, @association_foreign_key => record.id }.update(join_attributes)
           sql = 
             "INSERT INTO #{@join_table} (#{@owner.send(:quoted_column_names, attributes).join(', ')}) " +
             "VALUES (#{attributes.values.collect { |value| @owner.send(:quote, value) }.join(', ')})"
           @owner.connection.execute(sql)
         end
-
+        
         def delete_records(records)
           if sql = @options[:delete_sql]
             records.each { |record| @owner.connection.execute(sql) }
           else
             ids = quoted_record_ids(records)
-            sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}' AND #{@association_foreign_key} IN (#{ids})"
+            sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id} AND #{@association_foreign_key} IN (#{ids})"
             @owner.connection.execute(sql)
           end
         end
       end
   end
-end
+end

data/lib/active_record/associations/has_many_association.rb

@@ -7,10 +7,16 @@ module ActiveRecord
 
         if options[:finder_sql]
           @finder_sql = interpolate_sql(options[:finder_sql])
-          @counter_sql = @finder_sql.gsub(/SELECT (.*) FROM/i, "SELECT COUNT(*) FROM")
         else
-          @finder_sql = "#{@association_class_primary_key_name} = '#{@owner.id}' #{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"   
-          @counter_sql = "#{@association_class_primary_key_name} = '#{@owner.id}'#{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
+          @finder_sql = "#{@association_class_primary_key_name} = #{@owner.quoted_id} #{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
+        end
+
+        if options[:counter_sql]
+          @counter_sql = interpolate_sql(options[:counter_sql])
+        elsif options[:finder_sql]
+          @counter_sql = options[:counter_sql] = @finder_sql.gsub(/SELECT (.*) FROM/i, "SELECT COUNT(*) FROM")
+        else
+          @counter_sql = "#{@association_class_primary_key_name} = #{@owner.quoted_id}#{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
         end
       end
 
@@ -34,8 +40,8 @@ module ActiveRecord
           @collection.find_all(&block)
         else
           @association_class.find_all(
-            "#{@association_class_primary_key_name} = '#{@owner.id}' " +
-            "#{@conditions ? " AND " + @conditions : ""} #{runtime_conditions ? " AND " + @association_class.send(:sanitize_conditions, runtime_conditions) : ""}",
+            "#{@association_class_primary_key_name} = #{@owner.quoted_id}" +
+            "#{@conditions ? " AND " + @conditions : ""}#{runtime_conditions ? " AND " + @association_class.send(:sanitize_conditions, runtime_conditions) : ""}",
             orderings, 
             limit, 
             joins
@@ -49,7 +55,7 @@ module ActiveRecord
           @collection.find(&block)
         else
           @association_class.find_on_conditions(association_id,
-            "#{@association_class_primary_key_name} = '#{@owner.id}' #{@conditions ? " AND " + @conditions : ""}"
+            "#{@association_class_primary_key_name} = #{@owner.quoted_id}#{@conditions ? " AND " + @conditions : ""}"
           )
         end
       end
@@ -57,7 +63,7 @@ module ActiveRecord
       # Removes all records from this association.  Returns +self+ so
       # method calls may be chained.
       def clear
-        @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = '#{@owner.id}'")
+        @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = #{@owner.quoted_id}")
         @collection = []
         self
       end
@@ -70,21 +76,21 @@ module ActiveRecord
             @association_class.find_all(@finder_sql, @options[:order] ? @options[:order] : nil)
           end
         end
-        
+
         def count_records
           if has_cached_counter?
             @owner.send(:read_attribute, cached_counter_attribute_name)
-          elsif @options[:finder_sql]
+          elsif @options[:counter_sql]
             @association_class.count_by_sql(@counter_sql)
           else
             @association_class.count(@counter_sql)
           end
         end
-        
+
         def has_cached_counter?
           @owner.attribute_present?(cached_counter_attribute_name)
         end
-        
+
         def cached_counter_attribute_name
           "#{@association_name}_count"
         end
@@ -95,7 +101,10 @@ module ActiveRecord
 
         def delete_records(records)
           ids = quoted_record_ids(records)
-          @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = '#{@owner.id}' AND #{@association_class.primary_key} IN (#{ids})")
+          @association_class.update_all(
+            "#{@association_class_primary_key_name} = NULL", 
+            "#{@association_class_primary_key_name} = #{@owner.quoted_id} AND #{@association_class.primary_key} IN (#{ids})"
+          )
         end
     end
   end

data/lib/active_record/base.rb

@@ -6,6 +6,8 @@ require 'yaml'
 module ActiveRecord #:nodoc:
   class ActiveRecordError < StandardError #:nodoc:
   end
+  class SubclassNotFound < ActiveRecordError #:nodoc:
+  end
   class AssociationTypeMismatch < ActiveRecordError #:nodoc:
   end
   class SerializationTypeMismatch < ActiveRecordError #:nodoc:
@@ -22,6 +24,8 @@ module ActiveRecord #:nodoc:
   end
   class StatementInvalid < ActiveRecordError #:nodoc:
   end
+  class PreparedStatementInvalid < ActiveRecordError #:nodoc:
+  end
 
   # Active Record objects doesn't specify their attributes directly, but rather infer them from the table definition with
   # which they're linked. Adding, removing, and changing attributes and their type is done directly in the database. Any change
@@ -63,15 +67,15 @@ module ActiveRecord #:nodoc:
   #     end
   # 
   #     def self.authenticate_safely(user_name, password)
-  #       find_first([ "user_name = '%s' AND password = '%s'", user_name, password ])
+  #       find_first([ "user_name = ? AND password = ?", user_name, password ])
   #     end
   #   end
   # 
-  # The +authenticate_unsafely+ method inserts the parameters directly into the query and is thus susceptible to SQL-injection
-  # attacks if the +user_name+ and +password+ parameters come directly from a HTTP request. The +authenticate_safely+ method, on
-  # the other hand, will sanitize the +user_name+ and +password+ before inserting them in the query, which will ensure that
+  # The <tt>authenticate_unsafely</tt> method inserts the parameters directly into the query and is thus susceptible to SQL-injection
+  # attacks if the <tt>user_name</tt> and +password+ parameters come directly from a HTTP request. The <tt>authenticate_safely</tt> method, 
+  # on the other hand, will sanitize the <tt>user_name</tt> and +password+ before inserting them in the query, which will ensure that
   # an attacker can't escape the query and fake the login (or worse).
-  # 
+  #
   # == Overwriting default accessors
   # 
   # All column values are automatically available through basic accessors on the Active Record object, but some times you
@@ -126,6 +130,9 @@ module ActiveRecord #:nodoc:
   # When you do Firm.create("name" => "37signals"), this record with be saved in the companies table with type = "Firm". You can then
   # fetch this row again using Company.find_first "name = '37signals'" and it will return a Firm object.
   #
+  # If you don't have a type column defined in your table, single-table inheritance won't be triggered. In that case, it'll work just
+  # like normal subclasses with no special magic for differentiating between them or reloading the right type with find.
+  #
   # Note, all the attributes for all the cases are kept in the same table. Read more:
   # http://www.martinfowler.com/eaaCatalog/singleTableInheritance.html
   # 
@@ -187,6 +194,9 @@ module ActiveRecord #:nodoc:
 
     @@subclasses = {}
     
+    cattr_accessor :configurations
+    @@primary_key_prefix_type = {}
+    
     # Accessor for the prefix type that will be prepended to every primary key column name. The options are :table_name and 
     # :table_name_with_underscore. If the first is specified, the Product class will look for "productid" instead of "id" as
     # the primary column. If the latter is specified, the Product class will look for "product_id" instead of "id". Remember
@@ -211,6 +221,15 @@ module ActiveRecord #:nodoc:
     cattr_accessor :pluralize_table_names
     @@pluralize_table_names = true
 
+    # When turned on (which is default), all associations are included using "load". This mean that any change is instant in cached
+    # environments like mod_ruby or FastCGI. When set to false, "require" is used, which is faster but requires server restart to
+    # reflect changes.
+    @@reload_associations = true
+    cattr_accessor :reload_associations
+
+    @@associations_loaded = []
+    cattr_accessor :associations_loaded
+
     class << self # Class methods
       # Returns objects for the records responding to either a specific id (1), a list of ids (1, 5, 6) or an array of ids. 
       # If only one ID is specified, that object is returned directly. If more than one ID is specified, an array is returned.
@@ -218,12 +237,14 @@ module ActiveRecord #:nodoc:
       #   Person.find(1)       # returns the object for ID = 1
       #   Person.find(1, 2, 6) # returns an array for objects with IDs in (1, 2, 6)
       #   Person.find([7, 17]) # returns an array for objects with IDs in (7, 17)
+      #   Person.find([1])     # returns an array for objects the object with ID = 1
       # +RecordNotFound+ is raised if no record can be found.
       def find(*ids)
+        expects_array = ids.first.kind_of?(Array)
         ids = ids.flatten.compact.uniq
 
         if ids.length > 1
-          ids_list = ids.map{ |id| "'#{sanitize(id)}'" }.join(", ")
+          ids_list = ids.map{ |id| "#{sanitize(id)}" }.join(", ")
           objects  = find_all("#{primary_key} IN (#{ids_list})", primary_key)
 
           if objects.length == ids.length
@@ -233,11 +254,11 @@ module ActiveRecord #:nodoc:
           end
         elsif ids.length == 1
           id = ids.first
-          sql = "SELECT * FROM #{table_name} WHERE #{primary_key} = '#{sanitize(id)}'"
+          sql = "SELECT * FROM #{table_name} WHERE #{primary_key} = #{sanitize(id)}"
           sql << " AND #{type_condition}" unless descends_from_active_record?
 
           if record = connection.select_one(sql, "#{name} Find")
-            instantiate(record)
+            expects_array ? [instantiate(record)] : instantiate(record)
           else 
             raise RecordNotFound, "Couldn't find #{name} with ID = #{id}"
           end
@@ -251,28 +272,32 @@ module ActiveRecord #:nodoc:
       # Example:
       #   Person.find_on_conditions 5, "first_name LIKE '%dav%' AND last_name = 'heinemeier'"
       def find_on_conditions(id, conditions)
-        find_first("#{primary_key} = '#{sanitize(id)}' AND #{sanitize_conditions(conditions)}") || 
+        find_first("#{primary_key} = #{sanitize(id)} AND #{sanitize_conditions(conditions)}") || 
             raise(RecordNotFound, "Couldn't find #{name} with #{primary_key} = #{id} on the condition of #{conditions}")
       end
     
       # Returns an array of all the objects that could be instantiated from the associated
       # table in the database. The +conditions+ can be used to narrow the selection of objects (WHERE-part),
       # such as by "color = 'red'", and arrangement of the selection can be done through +orderings+ (ORDER BY-part),
-      # such as by "last_name, first_name DESC". A maximum of returned objects can be specified in +limit+. Example:
+      # such as by "last_name, first_name DESC". A maximum of returned objects and their offset can be specified in 
+      # +limit+ (LIMIT...OFFSET-part). Examples:
       #   Project.find_all "category = 'accounts'", "last_accessed DESC", 15
+      #   Project.find_all ["category = ?", category_name], "created ASC", ["? OFFSET ?", 15, 20]
       def find_all(conditions = nil, orderings = nil, limit = nil, joins = nil)
         sql  = "SELECT * FROM #{table_name} " 
         sql << "#{joins} " if joins
         add_conditions!(sql, conditions)
         sql << "ORDER BY #{orderings} " unless orderings.nil?
-        sql << "LIMIT #{limit} " unless limit.nil?
+        sql << "LIMIT #{sanitize_conditions(limit)} " unless limit.nil?
     
         find_by_sql(sql)
       end
   
-      # Works like find_all, but requires a complete SQL string. Example:
+      # Works like find_all, but requires a complete SQL string. Examples:
       #   Post.find_by_sql "SELECT p.*, c.author FROM posts p, comments c WHERE p.id = c.post_id"
+      #   Post.find_by_sql ["SELECT * FROM posts WHERE author = ? AND created > ?", author_id, start_date]
       def find_by_sql(sql)
+        sql = sanitize_conditions(sql)
         connection.select_all(sql, "#{name} Load").inject([]) { |objects, record| objects << instantiate(record) }
       end
       
@@ -344,6 +369,7 @@ module ActiveRecord #:nodoc:
       # Returns the result of an SQL statement that should only include a COUNT(*) in the SELECT part.
       #   Product.count "SELECT COUNT(*) FROM sales s, customers c WHERE s.customer_id = c.id"
       def count_by_sql(sql)
+        sql = sanitize_conditions(sql)
         count = connection.select_one(sql, "#{name} Count").values.first
         return count ? count.to_i : 0
       end
@@ -354,12 +380,12 @@ module ActiveRecord #:nodoc:
       # for looping over a collection where each element require a number of aggregate values. Like the DiscussionBoard
       # that needs to list both the number of posts and comments.
       def increment_counter(counter_name, id)
-        update_all "#{counter_name} = #{counter_name} + 1", "#{primary_key} = #{id}"
+        update_all "#{counter_name} = #{counter_name} + 1", "#{primary_key} = #{quote(id)}"
       end
 
       # Works like increment_counter, but decrements instead.
       def decrement_counter(counter_name, id)
-        update_all "#{counter_name} = #{counter_name} - 1", "#{primary_key} = #{id}"
+        update_all "#{counter_name} = #{counter_name} - 1", "#{primary_key} = #{quote(id)}"
       end
 
       # Attributes named in this macro are protected from mass-assignment, such as <tt>new(attributes)</tt> and 
@@ -499,6 +525,15 @@ module ActiveRecord #:nodoc:
           methods
         end
       end
+      
+      # Resets all the cached information about columns, which will cause they to be reloaded on the next request.
+      def reset_column_information
+        @columns = @columns_hash = @content_columns = @dynamic_methods_hash = nil
+      end
+
+      def reset_column_information_and_inheritable_attributes_for_all_subclasses
+        subclasses.each { |klass| klass.reset_inheritable_attributes; klass.reset_column_information }
+      end
 
       # Transforms attribute key names into a more humane format, such as "First name" instead of "first_name". Example:
       #   Person.human_attribute_name("first_name") # => "First name"
@@ -507,13 +542,16 @@ module ActiveRecord #:nodoc:
       end
       
       def descends_from_active_record? # :nodoc:
-        superclass == Base
+        superclass == Base || !columns_hash.has_key?(inheritance_column)
+      end
+
+      def quote(object)
+        connection.quote(object)
       end
 
-      # Used to sanitize objects before they're used in an SELECT SQL-statement.
+      # Used to sanitize objects before they're used in an SELECT SQL-statement. Delegates to <tt>connection.quote</tt>.
       def sanitize(object) # :nodoc:
-        return object if Fixnum === object
-        object.to_s.gsub(/([;:])/, "").gsub('##', '\#\#').gsub(/'/, "''") # ' (for ruby-mode)
+        connection.quote(object)
       end
 
       # Used to aggregate logging and benchmark, so you can measure and represent multiple statements in a single block.
@@ -537,7 +575,20 @@ module ActiveRecord #:nodoc:
         # Finder methods must instantiate through this method to work with the single-table inheritance model
         # that makes it possible to create objects of different types from the same table.
         def instantiate(record)
-          object = record_with_type?(record) ? compute_type(record[inheritance_column]).allocate : allocate
+          require_association_class(record[inheritance_column])
+
+          begin
+            object = record_with_type?(record) ? compute_type(record[inheritance_column]).allocate : allocate
+          rescue NameError
+            raise(
+              SubclassNotFound, 
+              "The single-table inheritance mechanism failed to locate the subclass: '#{record[inheritance_column]}'. " +
+              "This error is raised because the column '#{inheritance_column}' is reserved for storing the class in case of inheritance. " +
+              "Please rename this column if you didn't intend it to be used for storing the inheritance class " +
+              "or overwrite #{self.to_s}.inheritance_column to use another column for that information."
+            )
+          end
+
           object.instance_variable_set("@attributes", record)
           return object
         end
@@ -562,7 +613,7 @@ module ActiveRecord #:nodoc:
         
         def type_condition
           " (" + subclasses.inject("#{inheritance_column} = '#{Inflector.demodulize(name)}' ") do |condition, subclass| 
-            condition << "OR #{inheritance_column} = '#{Inflector.demodulize(subclass.name)}'"
+            condition << "OR #{inheritance_column} = '#{Inflector.demodulize(subclass.name)}' "
           end + ") "
         end
 
@@ -602,13 +653,54 @@ module ActiveRecord #:nodoc:
         # Accepts either a condition array or string. The string is returned untouched, but the array has each of
         # the condition values sanitized.
         def sanitize_conditions(conditions)
-          if Array === conditions
-            statement, values = conditions[0], conditions[1..-1]
-            values.collect! { |value| sanitize(value) }
-            conditions = statement % values
+          return conditions unless conditions.is_a?(Array)
+
+          statement, *values = conditions
+
+          if values[0].is_a?(Hash) && statement =~ /:\w+/
+            replace_named_bind_variables(statement, values[0])
+          elsif statement =~ /\?/ 
+            replace_bind_variables(statement, values)
+          else
+            statement % values.collect { |value| connection.quote_string(value.to_s) }
+          end
+        end
+
+        def replace_bind_variables(statement, values)
+          orig_statement = statement.clone
+          expected_number_of_variables = statement.count('?')
+          provided_number_of_variables = values.size
+
+          unless expected_number_of_variables == provided_number_of_variables
+            raise PreparedStatementInvalid, "wrong number of bind variables (#{provided_number_of_variables} for #{expected_number_of_variables})"
+          end
+
+          until values.empty?
+            statement.sub!(/\?/, encode_quoted_value(values.shift))
           end
           
-          return conditions
+          statement.gsub('?') { |all, match| connection.quote(values.shift) }
+        end
+
+        def replace_named_bind_variables(statement, values_hash)
+          orig_statement = statement.clone
+          values_hash.keys.each do |k|
+            if statement.sub!(/:#{k.id2name}/, encode_quoted_value(values_hash.delete(k))).nil?
+              raise PreparedStatementInvalid, ":#{k} is not a variable in [#{orig_statement}]"
+            end
+          end
+
+          if statement =~ /(:\w+)/
+            raise PreparedStatementInvalid, "No value provided for #{$1} in [#{orig_statement}]"
+          end
+
+          return statement
+        end
+        
+        def encode_quoted_value(value)
+          quoted_value = connection.quote(value)
+          quoted_value = "'#{quoted_value[1..-2].gsub(/\'/, "\\\\'")}'" if quoted_value.include?("\\\'")          
+          quoted_value
         end
     end
 
@@ -628,7 +720,11 @@ module ActiveRecord #:nodoc:
       # Every Active Record class must use "id" as their primary ID. This getter overwrites the native
       # id method, which isn't being used in this context.
       def id
-        read_attribute(self.class.primary_key) unless new_record?
+        read_attribute(self.class.primary_key)
+      end
+      
+      def quoted_id
+        quote(id, self.class.columns_hash[self.class.primary_key])
       end
       
       # Sets the primary ID.
@@ -654,7 +750,7 @@ module ActiveRecord #:nodoc:
         unless new_record?
           connection.delete(
             "DELETE FROM #{self.class.table_name} " + 
-            "WHERE #{self.class.primary_key} = '#{id}'", 
+            "WHERE #{self.class.primary_key} = #{quote(id)}", 
             "#{self.class.name} Destroy"
           )
         end
@@ -755,7 +851,7 @@ module ActiveRecord #:nodoc:
       def respond_to?(method)
         self.class.column_methods_hash[method.to_sym] || respond_to_without_attributes?(method)
       end
-
+      
     private
       def create_or_update
         if new_record? then create else update end
@@ -765,8 +861,8 @@ module ActiveRecord #:nodoc:
       def update
         connection.update(
           "UPDATE #{self.class.table_name} " +
-          "SET #{quoted_comma_pair_list(connection, attributes_with_quotes)} " +
-          "WHERE #{self.class.primary_key} = '#{id}'",
+          "SET #{quoted_comma_pair_list(connection, attributes_with_quotes(false))} " +
+          "WHERE #{self.class.primary_key} = #{quote(id)}",
           "#{self.class.name} Update"
         )
       end
@@ -825,12 +921,16 @@ module ActiveRecord #:nodoc:
       # Returns the value of attribute identified by <tt>attr_name</tt> after it has been type cast (for example, 
       # "2004-12-12" in a data column is cast to a date object, like Date.new(2004, 12, 12)).
       def read_attribute(attr_name) #:doc:
-        if column = column_for_attribute(attr_name)
-          @attributes[attr_name] = unserializable_attribute?(attr_name, column) ?
-            unserialize_attribute(attr_name) : column.type_cast(@attributes[attr_name])
+        if @attributes.keys.include? attr_name
+          if column = column_for_attribute(attr_name)
+            @attributes[attr_name] = unserializable_attribute?(attr_name, column) ?
+              unserialize_attribute(attr_name) : column.type_cast(@attributes[attr_name])
+          end
+          
+          @attributes[attr_name]
+        else
+          nil
         end
-        
-        @attributes[attr_name]
       end
 
       # Returns true if the attribute is of a text column and marked for serialization.
@@ -897,10 +997,10 @@ module ActiveRecord #:nodoc:
 
       # Returns copy of the attributes hash where all the values have been safely quoted for use in
       # an SQL statement. 
-      def attributes_with_quotes
+      def attributes_with_quotes(include_primary_key = true)
         columns_hash = self.class.columns_hash
         @attributes.inject({}) do |attrs_quoted, pair| 
-          attrs_quoted[pair.first] = quote(pair.last, columns_hash[pair.first])
+          attrs_quoted[pair.first] = quote(pair.last, columns_hash[pair.first]) unless !include_primary_key && pair.first == self.class.primary_key
           attrs_quoted
         end
       end