Convert lat and lon values to floats.

This provides a sort of poor man's SQL escaping to prevent injection
attacks. Note that the latitude and longitude column names are not
escaped, but those values should be coming from app configuration and
hence should be safe.

lib/geocoder/sql.rb

@@ -14,9 +14,9 @@ module Geocoder
       earth = Geocoder::Calculations.earth_radius(options[:units] || :mi)
 
       "#{earth} * 2 * ASIN(SQRT(" +
-        "POWER(SIN((#{latitude} - #{lat_attr}) * PI() / 180 / 2), 2) + " +
-        "COS(#{latitude} * PI() / 180) * COS(#{lat_attr} * PI() / 180) * " +
-        "POWER(SIN((#{longitude} - #{lon_attr}) * PI() / 180 / 2), 2)" +
+        "POWER(SIN((#{latitude.to_f} - #{lat_attr}) * PI() / 180 / 2), 2) + " +
+        "COS(#{latitude.to_f} * PI() / 180) * COS(#{lat_attr} * PI() / 180) * " +
+        "POWER(SIN((#{longitude.to_f} - #{lon_attr}) * PI() / 180 / 2), 2)" +
       "))"
     end
 
@@ -37,8 +37,8 @@ module Geocoder
       # sin of 45 degrees = average x or y component of vector
       factor = Math.sin(Math::PI / 4)
 
-      "(#{dy} * ABS(#{lat_attr} - #{latitude}) * #{factor}) + " +
-        "(#{dx} * ABS(#{lon_attr} - #{longitude}) * #{factor})"
+      "(#{dy} * ABS(#{lat_attr} - #{latitude.to_f}) * #{factor}) + " +
+        "(#{dx} * ABS(#{lon_attr} - #{longitude.to_f}) * #{factor})"
     end
 
     def within_bounding_box(sw_lat, sw_lng, ne_lat, ne_lng, lat_attr, lon_attr)
@@ -65,19 +65,19 @@ module Geocoder
       when :linear
         "CAST(" +
           "DEGREES(ATAN2( " +
-            "RADIANS(#{lon_attr} - #{longitude}), " +
-            "RADIANS(#{lat_attr} - #{latitude})" +
+            "RADIANS(#{lon_attr} - #{longitude.to_f}), " +
+            "RADIANS(#{lat_attr} - #{latitude.to_f})" +
           ")) + 360 " +
         "AS decimal) % 360"
       when :spherical
         "CAST(" +
           "DEGREES(ATAN2( " +
-            "SIN(RADIANS(#{lon_attr} - #{longitude})) * " +
+            "SIN(RADIANS(#{lon_attr} - #{longitude.to_f})) * " +
             "COS(RADIANS(#{lat_attr})), (" +
-              "COS(RADIANS(#{latitude})) * SIN(RADIANS(#{lat_attr}))" +
+              "COS(RADIANS(#{latitude.to_f})) * SIN(RADIANS(#{lat_attr}))" +
             ") - (" +
-              "SIN(RADIANS(#{latitude})) * COS(RADIANS(#{lat_attr})) * " +
-              "COS(RADIANS(#{lon_attr} - #{longitude}))" +
+              "SIN(RADIANS(#{latitude.to_f})) * COS(RADIANS(#{lat_attr})) * " +
+              "COS(RADIANS(#{lon_attr} - #{longitude.to_f}))" +
             ")" +
           ")) + 360 " +
         "AS decimal) % 360"
@@ -90,14 +90,14 @@ module Geocoder
     #
     def approx_bearing(latitude, longitude, lat_attr, lon_attr, options = {})
       "CASE " +
-        "WHEN (#{lat_attr} >= #{latitude} AND " +
-          "#{lon_attr} >= #{longitude}) THEN  45.0 " +
-        "WHEN (#{lat_attr} <  #{latitude} AND " +
-          "#{lon_attr} >= #{longitude}) THEN 135.0 " +
-        "WHEN (#{lat_attr} <  #{latitude} AND " +
-          "#{lon_attr} <  #{longitude}) THEN 225.0 " +
-        "WHEN (#{lat_attr} >= #{latitude} AND " +
-          "#{lon_attr} <  #{longitude}) THEN 315.0 " +
+        "WHEN (#{lat_attr} >= #{latitude.to_f} AND " +
+          "#{lon_attr} >= #{longitude.to_f}) THEN  45.0 " +
+        "WHEN (#{lat_attr} <  #{latitude.to_f} AND " +
+          "#{lon_attr} >= #{longitude.to_f}) THEN 135.0 " +
+        "WHEN (#{lat_attr} <  #{latitude.to_f} AND " +
+          "#{lon_attr} <  #{longitude.to_f}) THEN 225.0 " +
+        "WHEN (#{lat_attr} >= #{latitude.to_f} AND " +
+          "#{lon_attr} <  #{longitude.to_f}) THEN 315.0 " +
       "END"
     end
   end