From dcdc3d8675411edce3965941a2ca7c441ca48613 Mon Sep 17 00:00:00 2001
From: Alex Reisner
Date: Thu, 23 Jan 2020 09:08:45 -0700
Subject: [PATCH] Sanitize lat/lon for SQL query.
---
 lib/geocoder/sql.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/geocoder/sql.rb b/lib/geocoder/sql.rb
index 71ea96f8a..6bca8a65a 100644
--- lib/geocoder/sql.rb
+++ lib/geocoder/sql.rb
@@ -44,13 +44,13 @@ def approx_distance(latitude, longitude, lat_attr, lon_attr, options = {})
 end
 def within_bounding_box(sw_lat, sw_lng, ne_lat, ne_lng, lat_attr, lon_attr)
- spans = "#{lat_attr} BETWEEN #{sw_lat} AND #{ne_lat} AND "
+ spans = "#{lat_attr} BETWEEN #{sw_lat.to_f} AND #{ne_lat.to_f} AND "
 # handle box that spans 180 longitude
 if sw_lng.to_f > ne_lng.to_f
- spans + "(#{lon_attr} BETWEEN #{sw_lng} AND 180 OR " +
- "#{lon_attr} BETWEEN -180 AND #{ne_lng})"
+ spans + "(#{lon_attr} BETWEEN #{sw_lng.to_f} AND 180 OR " +
+ "#{lon_attr} BETWEEN -180 AND #{ne_lng.to_f})"
 else
- spans + "#{lon_attr} BETWEEN #{sw_lng} AND #{ne_lng}"
+ spans + "#{lon_attr} BETWEEN #{sw_lng.to_f} AND #{ne_lng.to_f}"
 end
 end
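Review bot: The fix in `within_bounding_box` depends on six separate `.to_f` calls inside the interpolations, so a later edit that adds or rewrites one interpolation can put raw input back into the SQL string; coercing once at the top, `sw_lat, sw_lng, ne_lat, ne_lng = [sw_lat, sw_lng, ne_lat, ne_lng].map(&:to_f)`, with a comment such as `# coerce to Float: these values are interpolated into SQL below`, keeps that guarantee in one place. Note that `to_f` turns `nil` and non-numeric strings into `0.0`, so malformed input produces a valid query around 0 instead of an error; `Float(value)` would reject it, provided callers can handle the resulting `ArgumentError`/`TypeError`. `lat_attr` and `lon_attr` are still interpolated unquoted, which is safe only if they are always trusted column names, presumably taken from model configuration; that is not visible in this hunk.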