Commit | Line | Data |
3885cff6 |
1 | package DBIx::Class::Storage::DBI::NoBindVars; |
2 | |
3 | use strict; |
4 | use warnings; |
5 | |
6 | use base 'DBIx::Class::Storage::DBI'; |
2ad62d97 |
7 | use mro 'c3'; |
3885cff6 |
8 | |
b43345f2 |
9 | =head1 NAME |
10 | |
11 | DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables |
12 | |
13 | =head1 DESCRIPTION |
14 | |
15 | This class allows queries to work when the DBD or underlying library does not |
16 | support the usual C<?> placeholders, or at least doesn't support them very |
17 | well, as is the case with L<DBD::Sybase> |
18 | |
19 | =head1 METHODS |
20 | |
b33697ef |
21 | =head2 connect_info |
b43345f2 |
22 | |
b33697ef |
23 | We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set. |
b43345f2 |
24 | |
25 | =cut |
26 | |
b33697ef |
27 | sub connect_info { |
28 | my $self = shift; |
d944c5ae |
29 | my $retval = $self->next::method(@_); |
b33697ef |
30 | $self->disable_sth_caching(1); |
31 | $retval; |
b43345f2 |
32 | } |
33 | |
d5130dd2 |
34 | =head2 _prep_for_execute |
b43345f2 |
35 | |
d5130dd2 |
36 | Manually subs in the values for the usual C<?> placeholders. |
b43345f2 |
37 | |
38 | =cut |
39 | |
d5130dd2 |
40 | sub _prep_for_execute { |
41 | my $self = shift; |
b50a5275 |
42 | |
0c449973 |
43 | my ($op, $extra_bind, $ident, $args) = @_; |
b50a5275 |
44 | |
d944c5ae |
45 | my ($sql, $bind) = $self->next::method(@_); |
46 | |
47 | # stringify args, quote via $dbh, and manually insert |
48 | |
b4474f31 |
49 | my @sql_part = split /\?/, $sql; |
50 | my $new_sql; |
51 | |
28cea3aa |
52 | my $col_info = $self->_resolve_column_info($ident, [ map $_->[0], @$bind ]); |
a49fe312 |
53 | |
d944c5ae |
54 | foreach my $bound (@$bind) { |
b50a5275 |
55 | my $col = shift @$bound; |
b55e97a7 |
56 | |
28cea3aa |
57 | my $datatype = $col_info->{$col}{data_type}; |
b55e97a7 |
58 | |
d944c5ae |
59 | foreach my $data (@$bound) { |
7d17f469 |
60 | $data = ''.$data if ref $data; |
6636ad53 |
61 | |
7d17f469 |
62 | $data = $self->_dbh->quote($data) |
63 | if $self->should_quote_value($datatype, $data); |
6636ad53 |
64 | |
7d17f469 |
65 | $new_sql .= shift(@sql_part) . $data; |
d944c5ae |
66 | } |
67 | } |
b4474f31 |
68 | $new_sql .= join '', @sql_part; |
d5130dd2 |
69 | |
01c04b1b |
70 | return ($new_sql, []); |
3885cff6 |
71 | } |
72 | |
7d17f469 |
73 | =head2 should_quote_value |
0c1bedfc |
74 | |
148e3b50 |
75 | This method is called by L</_prep_for_execute> for every column in |
76 | order to determine if its value should be quoted or not. The arguments |
77 | are the current column data type and the actual bind value. The return |
78 | value is interpreted as: true - do quote, false - do not quote. You should |
79 | override this in you Storage::DBI::<database> subclass, if your RDBMS |
80 | does not like quotes around certain datatypes (e.g. Sybase and integer |
81 | columns). The default method always returns true (do quote). |
0c1bedfc |
82 | |
83 | WARNING!!! |
84 | |
148e3b50 |
85 | Always validate that the bind-value is valid for the current datatype. |
86 | Otherwise you may very well open the door to SQL injection attacks. |
0c1bedfc |
87 | |
88 | =cut |
89 | |
7d17f469 |
90 | sub should_quote_value { 1 } |
148e3b50 |
91 | |
3885cff6 |
92 | =head1 AUTHORS |
93 | |
94 | Brandon Black <blblack@gmail.com> |
b43345f2 |
95 | |
7762b22c |
96 | Trym Skaar <trym@tryms.no> |
3885cff6 |
97 | |
98 | =head1 LICENSE |
99 | |
100 | You may distribute this code under the same terms as Perl itself. |
101 | |
102 | =cut |
b43345f2 |
103 | |
104 | 1; |