Commit | Line | Data |
3885cff6 |
1 | package DBIx::Class::Storage::DBI::NoBindVars; |
2 | |
3 | use strict; |
4 | use warnings; |
5 | |
6 | use base 'DBIx::Class::Storage::DBI'; |
b55e97a7 |
7 | use Scalar::Util (); |
8 | use Carp::Clan qw/^DBIx::Class/; |
3885cff6 |
9 | |
b43345f2 |
10 | =head1 NAME |
11 | |
12 | DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables |
13 | |
14 | =head1 DESCRIPTION |
15 | |
16 | This class allows queries to work when the DBD or underlying library does not |
17 | support the usual C<?> placeholders, or at least doesn't support them very |
18 | well, as is the case with L<DBD::Sybase> |
19 | |
20 | =head1 METHODS |
21 | |
b33697ef |
22 | =head2 connect_info |
b43345f2 |
23 | |
b33697ef |
24 | We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set. |
b43345f2 |
25 | |
26 | =cut |
27 | |
b33697ef |
28 | sub connect_info { |
29 | my $self = shift; |
d944c5ae |
30 | my $retval = $self->next::method(@_); |
b33697ef |
31 | $self->disable_sth_caching(1); |
32 | $retval; |
b43345f2 |
33 | } |
34 | |
d5130dd2 |
35 | =head2 _prep_for_execute |
b43345f2 |
36 | |
d5130dd2 |
37 | Manually subs in the values for the usual C<?> placeholders. |
b43345f2 |
38 | |
39 | =cut |
40 | |
d5130dd2 |
41 | sub _prep_for_execute { |
42 | my $self = shift; |
b50a5275 |
43 | |
0c449973 |
44 | my ($op, $extra_bind, $ident, $args) = @_; |
b50a5275 |
45 | |
d944c5ae |
46 | my ($sql, $bind) = $self->next::method(@_); |
47 | |
48 | # stringify args, quote via $dbh, and manually insert |
49 | |
b4474f31 |
50 | my @sql_part = split /\?/, $sql; |
51 | my $new_sql; |
52 | |
434cace9 |
53 | my $alias2src = $self->_resolve_ident_sources($ident); |
a49fe312 |
54 | |
d944c5ae |
55 | foreach my $bound (@$bind) { |
b50a5275 |
56 | my $col = shift @$bound; |
b55e97a7 |
57 | |
a49fe312 |
58 | my $name_sep = $self->_sql_maker_opts->{name_sep} || '.'; |
59 | |
60 | $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//; |
17d750d7 |
61 | my $alias = $1 || 'me'; |
b55e97a7 |
62 | |
434cace9 |
63 | my $rsrc = $alias2src->{$alias}; |
a49fe312 |
64 | |
bbdc039b |
65 | my $datatype = $rsrc && $rsrc->column_info($col)->{data_type}; |
b55e97a7 |
66 | |
d944c5ae |
67 | foreach my $data (@$bound) { |
68 | if(ref $data) { |
69 | $data = ''.$data; |
70 | } |
148e3b50 |
71 | $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data); |
b50a5275 |
72 | $new_sql .= shift(@sql_part) . $data; |
d944c5ae |
73 | } |
74 | } |
b4474f31 |
75 | $new_sql .= join '', @sql_part; |
d5130dd2 |
76 | |
01c04b1b |
77 | return ($new_sql, []); |
3885cff6 |
78 | } |
79 | |
0c1bedfc |
80 | =head2 should_quote_data_type |
81 | |
148e3b50 |
82 | This method is called by L</_prep_for_execute> for every column in |
83 | order to determine if its value should be quoted or not. The arguments |
84 | are the current column data type and the actual bind value. The return |
85 | value is interpreted as: true - do quote, false - do not quote. You should |
86 | override this in you Storage::DBI::<database> subclass, if your RDBMS |
87 | does not like quotes around certain datatypes (e.g. Sybase and integer |
88 | columns). The default method always returns true (do quote). |
0c1bedfc |
89 | |
90 | WARNING!!! |
91 | |
148e3b50 |
92 | Always validate that the bind-value is valid for the current datatype. |
93 | Otherwise you may very well open the door to SQL injection attacks. |
0c1bedfc |
94 | |
95 | =cut |
96 | |
148e3b50 |
97 | sub should_quote_data_type { 1 } |
98 | |
3885cff6 |
99 | =head1 AUTHORS |
100 | |
101 | Brandon Black <blblack@gmail.com> |
b43345f2 |
102 | |
7762b22c |
103 | Trym Skaar <trym@tryms.no> |
3885cff6 |
104 | |
105 | =head1 LICENSE |
106 | |
107 | You may distribute this code under the same terms as Perl itself. |
108 | |
109 | =cut |
b43345f2 |
110 | |
111 | 1; |