From 5799d21b4cb6d0c7e998d44db20b271a4a8f2b9e Mon Sep 17 00:00:00 2001
From: Luke Baker <lukebaker@gmail.com>
Date: Fri, 7 Feb 2014 15:57:00 -0500
Subject: [PATCH 1/2] use ActiveRecord quoting for table, column names

---
 app/models/choice.rb | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/app/models/choice.rb b/app/models/choice.rb
index 12bd0af7..ef1fd653 100644
--- a/app/models/choice.rb
+++ b/app/models/choice.rb
@@ -70,7 +70,11 @@ def compute_score
   
   def compute_score!
     self.score = compute_score
-    Choice.connection.execute("UPDATE `choices` SET `score` = #{self.score}, `updated_at` = '#{Time.now.utc.to_s(:db)}' WHERE `id` = #{self.id}")
+    Choice.connection = conn
+    conn.execute("UPDATE #{conn.quote_table_name('choices')} SET
+      #{conn.quote_column_name('score')} = #{self.score},
+      #{conn.quote_column_name('updated_at')} = '#{Time.now.utc.to_s(:db)}' WHERE
+      #{conn.quote_column_name('id')} = #{self.id}")
   end
 
   def user_created
@@ -127,18 +131,12 @@ def generate_prompts
     previous_choices.each do |l|
 	inserts.push("(NULL, #{self.question_id}, NULL, #{l.id}, '#{timestring}', '#{timestring}', NULL, 0, #{self.id}, NULL, NULL)")
     end
-    sql = "INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES #{inserts.join(', ')}"
+    conn = Prompts.connection
+    sql = "INSERT INTO #{conn.quote_table_name('prompts')} (#{conn.quote_column_name('algorithm_id')}, #{conn.quote_column_name('question_id')}, #{conn.quote_column_name('voter_id')}, #{conn.quote_column_name('left_choice_id')}, #{conn.quote_column_name('created_at')}, #{conn.quote_column_name('updated_at')}, #{conn.quote_column_name('tracking')}, #{conn.quote_column_name('votes_count')}, #{conn.quote_column_name('right_choice_id')}, #{conn.quote_column_name('active')}, #{conn.quote_column_name('randomkey')}) VALUES #{inserts.join(', ')}"
 
     Question.update_counters(self.question_id, :prompts_count => 2*previous_choices.size)
 
 
-    ActiveRecord::Base.connection.execute(sql)
-
-#VALUES (NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
-#    INSERT INTO `prompts` (`algorithm_id`, `question_id`, `voter_id`, `left_choice_id`, `created_at`, `updated_at`, `tracking`, `votes_count`, `right_choice_id`, `active`, `randomkey`) VALUES(NULL, 108, NULL, 1892, '2010-03-16 11:12:37', '2010-03-16 11:12:37', NULL, 0, 1893, NULL, NULL)
-    #previous_choices.each { |c|
-    #  question.prompts.create!(:left_choice => c, :right_choice => self)
-    #  question.prompts.create!(:left_choice => self, :right_choice => c)
-    #}
+    conn.execute(sql)
   end
 end

From 937e47a307364b4e43f9e02445a832d878e29eb5 Mon Sep 17 00:00:00 2001
From: Luke Baker <lukebaker@gmail.com>
Date: Fri, 7 Feb 2014 16:04:24 -0500
Subject: [PATCH 2/2] fix typo in variable assignment

---
 app/models/choice.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/choice.rb b/app/models/choice.rb
index ef1fd653..c1b59691 100644
--- a/app/models/choice.rb
+++ b/app/models/choice.rb
@@ -70,7 +70,7 @@ def compute_score
   
   def compute_score!
     self.score = compute_score
-    Choice.connection = conn
+    conn = Choice.connection
     conn.execute("UPDATE #{conn.quote_table_name('choices')} SET
       #{conn.quote_column_name('score')} = #{self.score},
       #{conn.quote_column_name('updated_at')} = '#{Time.now.utc.to_s(:db)}' WHERE