Sanitize lat/lon for SQL query.

alexreisner · alexreisner · commit dcdc3d867541 · 2020-01-23T09:13:06.000-07:00
diff --git a/lib/geocoder/sql.rb b/lib/geocoder/sql.rb
@@ -44,13 +44,13 @@ def approx_distance(latitude, longitude, lat_attr, lon_attr, options = {})
     end
 
     def within_bounding_box(sw_lat, sw_lng, ne_lat, ne_lng, lat_attr, lon_attr)
-      spans = "#{lat_attr} BETWEEN #{sw_lat} AND #{ne_lat} AND "
+      spans = "#{lat_attr} BETWEEN #{sw_lat.to_f} AND #{ne_lat.to_f} AND "
       # handle box that spans 180 longitude
       if sw_lng.to_f > ne_lng.to_f
-        spans + "(#{lon_attr} BETWEEN #{sw_lng} AND 180 OR " +
-        "#{lon_attr} BETWEEN -180 AND #{ne_lng})"
+        spans + "(#{lon_attr} BETWEEN #{sw_lng.to_f} AND 180 OR " +
+        "#{lon_attr} BETWEEN -180 AND #{ne_lng.to_f})"
       else
-        spans + "#{lon_attr} BETWEEN #{sw_lng} AND #{ne_lng}"
+        spans + "#{lon_attr} BETWEEN #{sw_lng.to_f} AND #{ne_lng.to_f}"
       end
     end
 
