[dbsrgits/DBIx-Class.git] / lib / DBIx / Class / Storage / DBI / NoBindVars.pm

package DBIx::Class::Storage::DBI::NoBindVars;

use strict;
use warnings;

use base 'DBIx::Class::Storage::DBI';
use Scalar::Util ();
use Carp::Clan qw/^DBIx::Class/;

=head1 NAME 

DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables

=head1 DESCRIPTION

This class allows queries to work when the DBD or underlying library does not
support the usual C<?> placeholders, or at least doesn't support them very
well, as is the case with L<DBD::Sybase>

=head1 METHODS

=head2 connect_info

We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.

=cut

sub connect_info {
    my $self = shift;
    my $retval = $self->next::method(@_);
    $self->disable_sth_caching(1);
    $retval;
}

=head2 _prep_for_execute

Manually subs in the values for the usual C<?> placeholders.

=cut

sub _prep_for_execute {
  my $self = shift;

  my ($op, $extra_bind, $ident, $args) = @_;

  my ($sql, $bind) = $self->next::method(@_);

  # stringify args, quote via $dbh, and manually insert

  my @sql_part = split /\?/, $sql;
  my $new_sql;

  foreach my $bound (@$bind) {
    my $col = shift @$bound;

    my $datatype = 'FIXME!!!';

# this is what needs to happen:
#    my $datatype = $rsrc->column_info($col)->{data_type};

    foreach my $data (@$bound) {
        if(ref $data) {
            $data = ''.$data;
        }
        $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
        $new_sql .= shift(@sql_part) . $data;
    }
  }
  $new_sql .= join '', @sql_part;

  return ($new_sql, []);
}

=head2 should_quote_data_type   
                                
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
value is interpreted as: true - do quote, false - do not quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method always returns true (do quote).
                                
 WARNING!!!                     
                                
 Always validate that the bind-value is valid for the current datatype.
 Otherwise you may very well open the door to SQL injection attacks.
                                
=cut                            
                                
sub should_quote_data_type { 1 }

=head1 AUTHORS

Brandon Black <blblack@gmail.com>

Trym Skaar <trym@tryms.no>

=head1 LICENSE

You may distribute this code under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
3885cff6	1	package DBIx::Class::Storage::DBI::NoBindVars;
	2
	3	use strict;
	4	use warnings;
	5
	6	use base 'DBIx::Class::Storage::DBI';
b55e97a7	7	use Scalar::Util ();
b55e97a7	8	use Carp::Clan qw/^DBIx::Class/;
3885cff6	9
b43345f2	10	=head1 NAME
	11
	12	DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
	13
	14	=head1 DESCRIPTION
	15
	16	This class allows queries to work when the DBD or underlying library does not
	17	support the usual C<?> placeholders, or at least doesn't support them very
	18	well, as is the case with L<DBD::Sybase>
	19
	20	=head1 METHODS
	21
b33697ef	22	=head2 connect_info
b43345f2	23
b33697ef	24	We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
b43345f2	25
	26	=cut
	27
b33697ef	28	sub connect_info {
b33697ef	29	my $self = shift;
d944c5ae	30	my $retval = $self->next::method(@_);
b33697ef	31	$self->disable_sth_caching(1);
b33697ef	32	$retval;
b43345f2	33	}
b43345f2	34
d5130dd2	35	=head2 _prep_for_execute
b43345f2	36
d5130dd2	37	Manually subs in the values for the usual C<?> placeholders.
b43345f2	38
	39	=cut
	40
d5130dd2	41	sub _prep_for_execute {
d5130dd2	42	my $self = shift;
b50a5275	43
0c449973	44	my ($op, $extra_bind, $ident, $args) = @_;
b50a5275	45
d944c5ae	46	my ($sql, $bind) = $self->next::method(@_);
	47
	48	# stringify args, quote via $dbh, and manually insert
	49
b4474f31	50	my @sql_part = split /\?/, $sql;
	51	my $new_sql;
	52
d944c5ae	53	foreach my $bound (@$bind) {
b50a5275	54	my $col = shift @$bound;
b55e97a7	55
5432c6ae	56	my $datatype = 'FIXME!!!';
b55e97a7	57
	58	# this is what needs to happen:
	59	# my $datatype = $rsrc->column_info($col)->{data_type};
	60
d944c5ae	61	foreach my $data (@$bound) {
	62	if(ref $data) {
	63	$data = ''.$data;
	64	}
148e3b50	65	$data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
b50a5275	66	$new_sql .= shift(@sql_part) . $data;
d944c5ae	67	}
d944c5ae	68	}
b4474f31	69	$new_sql .= join '', @sql_part;
d5130dd2	70
01c04b1b	71	return ($new_sql, []);
3885cff6	72	}
3885cff6	73
0c1bedfc	74	=head2 should_quote_data_type
0c1bedfc	75
148e3b50	76	This method is called by L</_prep_for_execute> for every column in
	77	order to determine if its value should be quoted or not. The arguments
	78	are the current column data type and the actual bind value. The return
	79	value is interpreted as: true - do quote, false - do not quote. You should
	80	override this in you Storage::DBI::<database> subclass, if your RDBMS
	81	does not like quotes around certain datatypes (e.g. Sybase and integer
	82	columns). The default method always returns true (do quote).
0c1bedfc	83
	84	WARNING!!!
	85
148e3b50	86	Always validate that the bind-value is valid for the current datatype.
148e3b50	87	Otherwise you may very well open the door to SQL injection attacks.
0c1bedfc	88
	89	=cut
	90
148e3b50	91	sub should_quote_data_type { 1 }
148e3b50	92
3885cff6	93	=head1 AUTHORS
	94
	95	Brandon Black <blblack@gmail.com>
b43345f2	96
7762b22c	97	Trym Skaar <trym@tryms.no>
3885cff6	98
	99	=head1 LICENSE
	100
	101	You may distribute this code under the same terms as Perl itself.
	102
	103	=cut
b43345f2	104
b43345f2	105	1;