Commit | Line | Data |
3885cff6 |
1 | package DBIx::Class::Storage::DBI::NoBindVars; |
2 | |
3 | use strict; |
4 | use warnings; |
5 | |
6 | use base 'DBIx::Class::Storage::DBI'; |
b55e97a7 |
7 | use Scalar::Util (); |
8 | use Carp::Clan qw/^DBIx::Class/; |
3885cff6 |
9 | |
b43345f2 |
10 | =head1 NAME |
11 | |
12 | DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables |
13 | |
14 | =head1 DESCRIPTION |
15 | |
16 | This class allows queries to work when the DBD or underlying library does not |
17 | support the usual C<?> placeholders, or at least doesn't support them very |
18 | well, as is the case with L<DBD::Sybase> |
19 | |
20 | =head1 METHODS |
21 | |
b33697ef |
22 | =head2 connect_info |
b43345f2 |
23 | |
b33697ef |
24 | We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set. |
b43345f2 |
25 | |
26 | =cut |
27 | |
b33697ef |
28 | sub connect_info { |
29 | my $self = shift; |
d944c5ae |
30 | my $retval = $self->next::method(@_); |
b33697ef |
31 | $self->disable_sth_caching(1); |
32 | $retval; |
b43345f2 |
33 | } |
34 | |
d5130dd2 |
35 | =head2 _prep_for_execute |
b43345f2 |
36 | |
d5130dd2 |
37 | Manually subs in the values for the usual C<?> placeholders. |
b43345f2 |
38 | |
39 | =cut |
40 | |
d5130dd2 |
41 | sub _prep_for_execute { |
42 | my $self = shift; |
b50a5275 |
43 | |
0c449973 |
44 | my ($op, $extra_bind, $ident, $args) = @_; |
b50a5275 |
45 | |
d944c5ae |
46 | my ($sql, $bind) = $self->next::method(@_); |
47 | |
48 | # stringify args, quote via $dbh, and manually insert |
49 | |
b4474f31 |
50 | my @sql_part = split /\?/, $sql; |
51 | my $new_sql; |
52 | |
d944c5ae |
53 | foreach my $bound (@$bind) { |
b50a5275 |
54 | my $col = shift @$bound; |
b55e97a7 |
55 | |
5432c6ae |
56 | my $datatype = 'FIXME!!!'; |
b55e97a7 |
57 | |
58 | # this is what needs to happen: |
59 | # my $datatype = $rsrc->column_info($col)->{data_type}; |
60 | |
d944c5ae |
61 | foreach my $data (@$bound) { |
62 | if(ref $data) { |
63 | $data = ''.$data; |
64 | } |
148e3b50 |
65 | $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data); |
b50a5275 |
66 | $new_sql .= shift(@sql_part) . $data; |
d944c5ae |
67 | } |
68 | } |
b4474f31 |
69 | $new_sql .= join '', @sql_part; |
d5130dd2 |
70 | |
01c04b1b |
71 | return ($new_sql, []); |
3885cff6 |
72 | } |
73 | |
0c1bedfc |
74 | =head2 should_quote_data_type |
75 | |
148e3b50 |
76 | This method is called by L</_prep_for_execute> for every column in |
77 | order to determine if its value should be quoted or not. The arguments |
78 | are the current column data type and the actual bind value. The return |
79 | value is interpreted as: true - do quote, false - do not quote. You should |
80 | override this in you Storage::DBI::<database> subclass, if your RDBMS |
81 | does not like quotes around certain datatypes (e.g. Sybase and integer |
82 | columns). The default method always returns true (do quote). |
0c1bedfc |
83 | |
84 | WARNING!!! |
85 | |
148e3b50 |
86 | Always validate that the bind-value is valid for the current datatype. |
87 | Otherwise you may very well open the door to SQL injection attacks. |
0c1bedfc |
88 | |
89 | =cut |
90 | |
148e3b50 |
91 | sub should_quote_data_type { 1 } |
92 | |
3885cff6 |
93 | =head1 AUTHORS |
94 | |
95 | Brandon Black <blblack@gmail.com> |
b43345f2 |
96 | |
7762b22c |
97 | Trym Skaar <trym@tryms.no> |
3885cff6 |
98 | |
99 | =head1 LICENSE |
100 | |
101 | You may distribute this code under the same terms as Perl itself. |
102 | |
103 | =cut |
b43345f2 |
104 | |
105 | 1; |