projects / scpubgit/Q-Branch.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
I have no idea why I inlined the bindval assertion but it was stupid
[scpubgit/Q-Branch.git] / lib / SQL / Abstract.pm
CommitLineData
96449e8e 1package SQL::Abstract; # see doc at end of file
2
96449e8e 3use strict;
4use warnings;
9d9d5bd6 5use Carp ();
312d830b 6use List::Util ();
7use Scalar::Util ();
96449e8e 8
0da0fe34 9use Exporter 'import';
10our @EXPORT_OK = qw(is_plain_value is_literal_value);
11
12BEGIN {
13 if ($] < 5.009_005) {
14 require MRO::Compat;
15 }
16 else {
17 require mro;
18 }
843a94b5 19
20 *SQL::Abstract::_ENV_::DETECT_AUTOGENERATED_STRINGIFICATION = $ENV{SQLA_ISVALUE_IGNORE_AUTOGENERATED_STRINGIFICATION}
21 ? sub () { 0 }
22 : sub () { 1 }
23 ;
0da0fe34 24}
25
96449e8e 26#======================================================================
27# GLOBALS
28#======================================================================
29
dc6afcf8 30our $VERSION = '1.86';
7479e27e 31
22f1a437 32# This would confuse some packagers
c520207b 33$VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
96449e8e 34
35our $AUTOLOAD;
36
37# special operators (-in, -between). May be extended/overridden by user.
38# See section WHERE: BUILTIN SPECIAL OPERATORS below for implementation
39my @BUILTIN_SPECIAL_OPS = (
f663e672 40 {regex => qr/^ (?: not \s )? between $/ix, handler => sub { die "NOPE" }},
41 {regex => qr/^ (?: not \s )? in $/ix, handler => sub { die "NOPE" }},
87c8e45b 42 {regex => qr/^ is (?: \s+ not )? $/ix, handler => sub { die "NOPE" }},
96449e8e 43);
44
45#======================================================================
46# DEBUGGING AND ERROR REPORTING
47#======================================================================
48
49sub _debug {
50 return unless $_[0]->{debug}; shift; # a little faster
51 my $func = (caller(1))[3];
52 warn "[$func] ", @_, "\n";
53}
54
55sub belch (@) {
56 my($func) = (caller(1))[3];
9d9d5bd6 57 Carp::carp "[$func] Warning: ", @_;
96449e8e 58}
59
60sub puke (@) {
61 my($func) = (caller(1))[3];
9d9d5bd6 62 Carp::croak "[$func] Fatal: ", @_;
96449e8e 63}
64
0da0fe34 65sub is_literal_value ($) {
66 ref $_[0] eq 'SCALAR' ? [ ${$_[0]} ]
67 : ( ref $_[0] eq 'REF' and ref ${$_[0]} eq 'ARRAY' ) ? [ @${ $_[0] } ]
0da0fe34 68 : undef;
69}
70
71# FIXME XSify - this can be done so much more efficiently
72sub is_plain_value ($) {
73 no strict 'refs';
966200cc 74 ! length ref $_[0] ? \($_[0])
0da0fe34 75 : (
76 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
77 and
78 exists $_[0]->{-value}
966200cc 79 ) ? \($_[0]->{-value})
0da0fe34 80 : (
a1c9e0ff 81 # reuse @_ for even moar speedz
82 defined ( $_[1] = Scalar::Util::blessed $_[0] )
0da0fe34 83 and
84 # deliberately not using Devel::OverloadInfo - the checks we are
85 # intersted in are much more limited than the fullblown thing, and
86 # this is a very hot piece of code
87 (
e8d729d4 88 # simply using ->can('(""') can leave behind stub methods that
89 # break actually using the overload later (see L<perldiag/Stub
90 # found while resolving method "%s" overloading "%s" in package
91 # "%s"> and the source of overload::mycan())
44e54b41 92 #
0da0fe34 93 # either has stringification which DBI SHOULD prefer out of the box
a1c9e0ff 94 grep { *{ (qq[${_}::(""]) }{CODE} } @{ $_[2] = mro::get_linear_isa( $_[1] ) }
0da0fe34 95 or
20e178a8 96 # has nummification or boolification, AND fallback is *not* disabled
0da0fe34 97 (
843a94b5 98 SQL::Abstract::_ENV_::DETECT_AUTOGENERATED_STRINGIFICATION
99 and
20e178a8 100 (
101 grep { *{"${_}::(0+"}{CODE} } @{$_[2]}
102 or
103 grep { *{"${_}::(bool"}{CODE} } @{$_[2]}
104 )
0da0fe34 105 and
106 (
107 # no fallback specified at all
a1c9e0ff 108 ! ( ($_[3]) = grep { *{"${_}::()"}{CODE} } @{$_[2]} )
0da0fe34 109 or
110 # fallback explicitly undef
a1c9e0ff 111 ! defined ${"$_[3]::()"}
0da0fe34 112 or
113 # explicitly true
a1c9e0ff 114 !! ${"$_[3]::()"}
0da0fe34 115 )
116 )
117 )
966200cc 118 ) ? \($_[0])
0da0fe34 119 : undef;
120}
121
122
96449e8e 123
124#======================================================================
125# NEW
126#======================================================================
127
128sub new {
129 my $self = shift;
130 my $class = ref($self) || $self;
131 my %opt = (ref $_[0] eq 'HASH') ? %{$_[0]} : @_;
132
133 # choose our case by keeping an option around
134 delete $opt{case} if $opt{case} && $opt{case} ne 'lower';
135
136 # default logic for interpreting arrayrefs
ef559da3 137 $opt{logic} = $opt{logic} ? uc $opt{logic} : 'OR';
96449e8e 138
139 # how to return bind vars
96449e8e 140 $opt{bindtype} ||= 'normal';
141
142 # default comparison is "=", but can be overridden
143 $opt{cmp} ||= '=';
144
3af02ccb 145 # try to recognize which are the 'equality' and 'inequality' ops
3cdadcbe 146 # (temporary quickfix (in 2007), should go through a more seasoned API)
147 $opt{equality_op} = qr/^( \Q$opt{cmp}\E | \= )$/ix;
148 $opt{inequality_op} = qr/^( != | <> )$/ix;
149
150 $opt{like_op} = qr/^ (is\s+)? r?like $/xi;
151 $opt{not_like_op} = qr/^ (is\s+)? not \s+ r?like $/xi;
96449e8e 152
153 # SQL booleans
154 $opt{sqltrue} ||= '1=1';
155 $opt{sqlfalse} ||= '0=1';
156
9d48860e 157 # special operators
30af97c5 158 $opt{special_ops} ||= [];
159
b6251592 160 # regexes are applied in order, thus push after user-defines
96449e8e 161 push @{$opt{special_ops}}, @BUILTIN_SPECIAL_OPS;
162
9d48860e 163 # unary operators
59f23b3d 164 $opt{unary_ops} ||= [];
59f23b3d 165
3af02ccb 166 # rudimentary sanity-check for user supplied bits treated as functions/operators
b6251592 167 # If a purported function matches this regular expression, an exception is thrown.
168 # Literal SQL is *NOT* subject to this check, only functions (and column names
169 # when quoting is not in effect)
96449e8e 170
b6251592 171 # FIXME
172 # need to guard against ()'s in column names too, but this will break tons of
173 # hacks... ideas anyone?
174 $opt{injection_guard} ||= qr/
175 \;
176 |
177 ^ \s* go \s
178 /xmi;
96449e8e 179
b07681b1 180 $opt{node_types} = +{
181 map +("-$_" => '_render_'.$_),
182 qw(op func value bind ident literal)
183 };
184
ec19b759 185 $opt{expand_unary} = {};
186
b6251592 187 return bless \%opt, $class;
188}
96449e8e 189
e175845b 190sub sqltrue { +{ -literal => [ $_[0]->{sqltrue} ] } }
191sub sqlfalse { +{ -literal => [ $_[0]->{sqlfalse} ] } }
170e6c33 192
193sub _assert_pass_injection_guard {
194 if ($_[1] =~ $_[0]->{injection_guard}) {
195 my $class = ref $_[0];
196 puke "Possible SQL injection attempt '$_[1]'. If this is indeed a part of the "
197 . "desired SQL use literal SQL ( \'...' or \[ '...' ] ) or supply your own "
198 . "{injection_guard} attribute to ${class}->new()"
199 }
200}
201
202
96449e8e 203#======================================================================
204# INSERT methods
205#======================================================================
206
207sub insert {
02288357 208 my $self = shift;
209 my $table = $self->_table(shift);
210 my $data = shift || return;
211 my $options = shift;
96449e8e 212
213 my $method = $self->_METHOD_FOR_refkind("_insert", $data);
02288357 214 my ($sql, @bind) = $self->$method($data);
96449e8e 215 $sql = join " ", $self->_sqlcase('insert into'), $table, $sql;
02288357 216
e82e648a 217 if ($options->{returning}) {
ca4f826a 218 my ($s, @b) = $self->_insert_returning($options);
e82e648a 219 $sql .= $s;
220 push @bind, @b;
02288357 221 }
222
96449e8e 223 return wantarray ? ($sql, @bind) : $sql;
224}
225
60f3fd3f 226# So that subclasses can override INSERT ... RETURNING separately from
227# UPDATE and DELETE (e.g. DBIx::Class::SQLMaker::Oracle does this)
b17a3ece 228sub _insert_returning { shift->_returning(@_) }
229
95904db5 230sub _returning {
e82e648a 231 my ($self, $options) = @_;
6b1fe79d 232
e82e648a 233 my $f = $options->{returning};
234
ff96fdd4 235 my ($sql, @bind) = $self->_render_expr(
236 $self->_expand_maybe_list_expr($f, undef, -ident)
237 );
238 return wantarray
239 ? $self->_sqlcase(' returning ') . $sql
240 : ($self->_sqlcase(' returning ').$sql, @bind);
6b1fe79d 241}
242
96449e8e 243sub _insert_HASHREF { # explicit list of fields and then values
244 my ($self, $data) = @_;
245
246 my @fields = sort keys %$data;
247
fe3ae272 248 my ($sql, @bind) = $self->_insert_values($data);
96449e8e 249
250 # assemble SQL
251 $_ = $self->_quote($_) foreach @fields;
252 $sql = "( ".join(", ", @fields).") ".$sql;
253
254 return ($sql, @bind);
255}
256
257sub _insert_ARRAYREF { # just generate values(?,?) part (no list of fields)
258 my ($self, $data) = @_;
259
260 # no names (arrayref) so can't generate bindtype
261 $self->{bindtype} ne 'columns'
262 or belch "can't do 'columns' bindtype when called with arrayref";
263
19b6ccce 264 my (@values, @all_bind);
265 foreach my $value (@$data) {
266 my ($values, @bind) = $self->_insert_value(undef, $value);
267 push @values, $values;
268 push @all_bind, @bind;
269 }
270 my $sql = $self->_sqlcase('values')." ( ".join(", ", @values)." )";
271 return ($sql, @all_bind);
fe3ae272 272}
273
274sub _insert_ARRAYREFREF { # literal SQL with bind
275 my ($self, $data) = @_;
276
277 my ($sql, @bind) = @${$data};
278 $self->_assert_bindval_matches_bindtype(@bind);
279
280 return ($sql, @bind);
281}
282
283
284sub _insert_SCALARREF { # literal SQL without bind
285 my ($self, $data) = @_;
286
287 return ($$data);
288}
289
290sub _insert_values {
291 my ($self, $data) = @_;
292
96449e8e 293 my (@values, @all_bind);
fe3ae272 294 foreach my $column (sort keys %$data) {
19b6ccce 295 my ($values, @bind) = $self->_insert_value($column, $data->{$column});
296 push @values, $values;
297 push @all_bind, @bind;
298 }
299 my $sql = $self->_sqlcase('values')." ( ".join(", ", @values)." )";
300 return ($sql, @all_bind);
301}
96449e8e 302
19b6ccce 303sub _insert_value {
304 my ($self, $column, $v) = @_;
96449e8e 305
720ca4f7 306 return $self->_render_expr(
307 $self->_expand_insert_value($column, $v)
308 );
309}
96449e8e 310
720ca4f7 311sub _expand_insert_value {
312 my ($self, $column, $v) = @_;
96449e8e 313
720ca4f7 314 if (ref($v) eq 'ARRAY') {
315 if ($self->{array_datatypes}) {
316 return +{ -bind => [ $column, $v ] };
317 }
318 my ($sql, @bind) = @$v;
319 $self->_assert_bindval_matches_bindtype(@bind);
320 return +{ -literal => $v };
321 }
322 if (ref($v) eq 'HASH') {
323 if (grep !/^-/, keys %$v) {
324 belch "HASH ref as bind value in insert is not supported";
325 return +{ -bind => [ $column, $v ] };
326 }
327 }
328 if (!defined($v)) {
329 return +{ -bind => [ $column, undef ] };
330 }
331 local our $Cur_Col_Meta = $column;
332 return $self->_expand_expr($v);
96449e8e 333}
334
335
96449e8e 336
337#======================================================================
338# UPDATE methods
339#======================================================================
340
341
342sub update {
95904db5 343 my $self = shift;
344 my $table = $self->_table(shift);
345 my $data = shift || return;
346 my $where = shift;
347 my $options = shift;
96449e8e 348
349 # first build the 'SET' part of the sql statement
96449e8e 350 puke "Unsupported data type specified to \$sql->update"
351 unless ref $data eq 'HASH';
352
9ade906e 353 my ($sql, @all_bind) = $self->_update_set_values($data);
a9e94508 354 $sql = $self->_sqlcase('update ') . $table . $self->_sqlcase(' set ')
9ade906e 355 . $sql;
356
357 if ($where) {
358 my($where_sql, @where_bind) = $self->where($where);
359 $sql .= $where_sql;
360 push @all_bind, @where_bind;
361 }
362
363 if ($options->{returning}) {
364 my ($returning_sql, @returning_bind) = $self->_update_returning($options);
365 $sql .= $returning_sql;
366 push @all_bind, @returning_bind;
367 }
368
369 return wantarray ? ($sql, @all_bind) : $sql;
370}
371
372sub _update_set_values {
373 my ($self, $data) = @_;
374
89690da2 375 return $self->_render_expr(
376 $self->_expand_update_set_values($data),
377 );
378}
96449e8e 379
89690da2 380sub _expand_update_set_values {
381 my ($self, $data) = @_;
382 $self->_expand_maybe_list_expr( [
383 map {
384 my ($k, $set) = @$_;
c4ed66f4 385 $set = { -bind => $_ } unless defined $set;
89690da2 386 +{ -op => [ '=', { -ident => $k }, $set ] };
387 }
388 map {
389 my $k = $_;
390 my $v = $data->{$k};
391 (ref($v) eq 'ARRAY'
392 ? ($self->{array_datatypes}
393 ? [ $k, +{ -bind => [ $k, $v ] } ]
394 : [ $k, +{ -literal => $v } ])
395 : do {
396 local our $Cur_Col_Meta = $k;
397 [ $k, $self->_expand_expr($v) ]
398 }
399 );
400 } sort keys %$data
401 ] );
96449e8e 402}
403
60f3fd3f 404# So that subclasses can override UPDATE ... RETURNING separately from
405# INSERT and DELETE
20bb2ad5 406sub _update_returning { shift->_returning(@_) }
96449e8e 407
408
409
410#======================================================================
411# SELECT
412#======================================================================
413
414
415sub select {
416 my $self = shift;
417 my $table = $self->_table(shift);
418 my $fields = shift || '*';
419 my $where = shift;
420 my $order = shift;
421
daa4ccdd 422 my ($fields_sql, @bind) = $self->_select_fields($fields);
96449e8e 423
daa4ccdd 424 my ($where_sql, @where_bind) = $self->where($where, $order);
425 push @bind, @where_bind;
426
427 my $sql = join(' ', $self->_sqlcase('select'), $fields_sql,
96449e8e 428 $self->_sqlcase('from'), $table)
429 . $where_sql;
430
9d48860e 431 return wantarray ? ($sql, @bind) : $sql;
96449e8e 432}
433
daa4ccdd 434sub _select_fields {
435 my ($self, $fields) = @_;
de63ce57 436 return $fields unless ref($fields);
27592e2b 437 return $self->_render_expr(
438 $self->_expand_maybe_list_expr($fields, undef, '-ident')
439 );
daa4ccdd 440}
441
96449e8e 442#======================================================================
443# DELETE
444#======================================================================
445
446
447sub delete {
85327cd5 448 my $self = shift;
449 my $table = $self->_table(shift);
450 my $where = shift;
451 my $options = shift;
96449e8e 452
453 my($where_sql, @bind) = $self->where($where);
a9e94508 454 my $sql = $self->_sqlcase('delete from ') . $table . $where_sql;
96449e8e 455
85327cd5 456 if ($options->{returning}) {
ca4f826a 457 my ($returning_sql, @returning_bind) = $self->_delete_returning($options);
85327cd5 458 $sql .= $returning_sql;
459 push @bind, @returning_bind;
460 }
461
9d48860e 462 return wantarray ? ($sql, @bind) : $sql;
96449e8e 463}
464
60f3fd3f 465# So that subclasses can override DELETE ... RETURNING separately from
466# INSERT and UPDATE
85327cd5 467sub _delete_returning { shift->_returning(@_) }
468
469
96449e8e 470
471#======================================================================
472# WHERE: entry point
473#======================================================================
474
475
476
477# Finally, a separate routine just to handle WHERE clauses
478sub where {
479 my ($self, $where, $order) = @_;
480
7ad12721 481 local $self->{convert_where} = $self->{convert};
482
96449e8e 483 # where ?
e175845b 484 my ($sql, @bind) = defined($where)
485 ? $self->_recurse_where($where)
486 : (undef);
417dd15e 487 $sql = (defined $sql and length $sql) ? $self->_sqlcase(' where ') . "( $sql )" : '';
96449e8e 488
489 # order by?
490 if ($order) {
26fe4d30 491 my ($order_sql, @order_bind) = $self->_order_by($order);
492 $sql .= $order_sql;
493 push @bind, @order_bind;
96449e8e 494 }
495
9d48860e 496 return wantarray ? ($sql, @bind) : $sql;
96449e8e 497}
498
a2cd381d 499sub _expand_expr {
2558b622 500 my ($self, $expr, $logic, $default_scalar_to) = @_;
501 local our $Default_Scalar_To = $default_scalar_to if $default_scalar_to;
3ae10d16 502 our $Expand_Depth ||= 0; local $Expand_Depth = $Expand_Depth + 1;
252518da 503 return undef unless defined($expr);
59588695 504 if (ref($expr) eq 'HASH') {
505 if (keys %$expr > 1) {
506 $logic ||= 'and';
77617257 507 return +{ -op => [
508 $logic,
59588695 509 map $self->_expand_expr_hashpair($_ => $expr->{$_}, $logic),
510 sort keys %$expr
511 ] };
512 }
99a65fa8 513 return unless %$expr;
59588695 514 return $self->_expand_expr_hashpair(%$expr, $logic);
a2cd381d 515 }
08264f40 516 if (ref($expr) eq 'ARRAY') {
99a65fa8 517 my $logic = lc($logic || $self->{logic});
08264f40 518 $logic eq 'and' or $logic eq 'or' or puke "unknown logic: $logic";
519
520 my @expr = @$expr;
521
522 my @res;
523
524 while (my ($el) = splice @expr, 0, 1) {
525 puke "Supplying an empty left hand side argument is not supported in array-pairs"
526 unless defined($el) and length($el);
527 my $elref = ref($el);
528 if (!$elref) {
529 push(@res, $self->_expand_expr({ $el, shift(@expr) }));
530 } elsif ($elref eq 'ARRAY') {
531 push(@res, $self->_expand_expr($el)) if @$el;
ec857800 532 } elsif (my $l = is_literal_value($el)) {
533 push @res, { -literal => $l };
08264f40 534 } elsif ($elref eq 'HASH') {
535 push @res, $self->_expand_expr($el);
536 } else {
da4a0964 537 die "notreached";
08264f40 538 }
539 }
2143604f 540 return { -op => [ $logic, @res ] };
08264f40 541 }
ca3da680 542 if (my $literal = is_literal_value($expr)) {
543 return +{ -literal => $literal };
544 }
99a65fa8 545 if (!ref($expr) or Scalar::Util::blessed($expr)) {
2558b622 546 if (my $d = $Default_Scalar_To) {
547 return +{ $d => $expr };
548 }
99a65fa8 549 if (my $m = our $Cur_Col_Meta) {
550 return +{ -bind => [ $m, $expr ] };
551 }
252518da 552 return +{ -value => $expr };
553 }
252518da 554 die "notreached";
a2cd381d 555}
96449e8e 556
0fc68377 557my $Nest_Warned = 0;
74156ee9 558
59588695 559sub _expand_expr_hashpair {
560 my ($self, $k, $v, $logic) = @_;
d13725da 561 unless (defined($k) and length($k)) {
2d64004f 562 if (defined($k) and my $literal = is_literal_value($v)) {
d13725da 563 belch 'Hash-pairs consisting of an empty string with a literal are deprecated, and will be removed in 2.0: use -and => [ $literal ] instead';
2d64004f 564 return { -literal => $literal };
d13725da 565 }
566 puke "Supplying an empty left hand side argument is not supported";
567 }
ef071fad 568 if ($k =~ /^-/) {
99a65fa8 569 $self->_assert_pass_injection_guard($k =~ /^-(.*)$/s);
570 if ($k =~ s/ [_\s]? \d+ $//x ) {
571 belch 'Use of [and|or|nest]_N modifiers is deprecated and will be removed in SQLA v2.0. '
572 . "You probably wanted ...-and => [ $k => COND1, $k => COND2 ... ]";
573 }
ef071fad 574 if ($k eq '-nest') {
0fc68377 575 # DBIx::Class requires a nest warning to be emitted once but the private
576 # method it overrode to do so no longer exists
577 if (ref($self) =~ /^DBIx::Class::SQLMaker/) {
578 unless ($Nest_Warned) {
579 belch(
580 "-nest in search conditions is deprecated, you most probably wanted:\n"
581 .q|{..., -and => [ \%cond0, \@cond1, \'cond2', \[ 'cond3', [ col => bind ] ], etc. ], ... }|
582 );
583 $Nest_Warned = 1;
584 }
585 }
ef071fad 586 return $self->_expand_expr($v);
587 }
6ab1562a 588 if ($k eq '-bool') {
589 if (ref($v)) {
590 return $self->_expand_expr($v);
591 }
592 puke "-bool => undef not supported" unless defined($v);
593 return { -ident => $v };
594 }
99a65fa8 595 if ($k eq '-not') {
0c7e3af0 596 return { -op => [ 'not', $self->_expand_expr($v) ] };
99a65fa8 597 }
ce3bc4b0 598 if (my ($rest) = $k =~/^-not[_ ](.*)$/) {
0c7e3af0 599 return +{ -op => [
600 'not',
99a65fa8 601 $self->_expand_expr_hashpair("-${rest}", $v, $logic)
0c7e3af0 602 ] };
ce3bc4b0 603 }
99a65fa8 604 if (my ($logic) = $k =~ /^-(and|or)$/i) {
dd2d5bf7 605 if (ref($v) eq 'HASH') {
606 return $self->_expand_expr($v, $logic);
607 }
99a65fa8 608 if (ref($v) eq 'ARRAY') {
609 return $self->_expand_expr($v, $logic);
610 }
dd2d5bf7 611 }
99a65fa8 612 {
613 my $op = $k;
614 $op =~ s/^-// if length($op) > 1;
615
616 # top level special ops are illegal in general
3ae10d16 617 # note that, arguably, if it makes no sense at top level, it also
618 # makes no sense on the other side of an = sign or similar but DBIC
619 # gets disappointingly upset if I disallow it
620 if (
621 (our $Expand_Depth) == 1
622 and List::Util::first { $op =~ $_->{regex} } @{$self->{special_ops}}
623 ) {
624 puke "Illegal use of top-level '-$op'"
625 }
96a8d74a 626 if (my $us = List::Util::first { $op =~ $_->{regex} } @{$self->{unary_ops}}) {
627 return { -op => [ $op, $v ] };
628 }
99a65fa8 629 }
630 if ($k eq '-value' and my $m = our $Cur_Col_Meta) {
631 return +{ -bind => [ $m, $v ] };
632 }
ec19b759 633 if (my $custom = $self->{expand_unary}{$k}) {
634 return $self->$custom($v);
635 }
b07681b1 636 if ($self->{node_types}{$k}) {
99a65fa8 637 return { $k => $v };
d13725da 638 }
711892b1 639 if (
640 ref($v) eq 'HASH'
641 and keys %$v == 1
642 and (keys %$v)[0] =~ /^-/
643 ) {
644 my ($func) = $k =~ /^-(.*)$/;
3ae10d16 645 if (List::Util::first { $func =~ $_->{regex} } @{$self->{special_ops}}) {
646 return +{ -op => [ $func, $self->_expand_expr($v) ] };
647 }
711892b1 648 return +{ -func => [ $func, $self->_expand_expr($v) ] };
649 }
650 if (!ref($v) or is_literal_value($v)) {
99a65fa8 651 return +{ -op => [ $k =~ /^-(.*)$/, $self->_expand_expr($v) ] };
59588695 652 }
99a65fa8 653 }
654 if (
655 !defined($v)
656 or (
657 ref($v) eq 'HASH'
658 and exists $v->{-value}
659 and not defined $v->{-value}
660 )
661 ) {
662 return $self->_expand_expr_hashpair($k => { $self->{cmp} => undef });
663 }
664 if (!ref($v) or Scalar::Util::blessed($v)) {
ec19b759 665 my $d = our $Default_Scalar_To;
99a65fa8 666 return +{
667 -op => [
668 $self->{cmp},
669 { -ident => $k },
ec19b759 670 ($d ? { $d => $v } : { -bind => [ $k, $v ] })
99a65fa8 671 ]
672 };
673 }
674 if (ref($v) eq 'HASH') {
675 if (keys %$v > 1) {
e175845b 676 return { -op => [
677 'and',
99a65fa8 678 map $self->_expand_expr_hashpair($k => { $_ => $v->{$_} }),
679 sort keys %$v
680 ] };
681 }
682 my ($vk, $vv) = %$v;
683 $vk =~ s/^-//;
684 $vk = lc($vk);
685 $self->_assert_pass_injection_guard($vk);
686 if ($vk =~ s/ [_\s]? \d+ $//x ) {
687 belch 'Use of [and|or|nest]_N modifiers is deprecated and will be removed in SQLA v2.0. '
688 . "You probably wanted ...-and => [ -$vk => COND1, -$vk => COND2 ... ]";
689 }
690 if ($vk =~ /^(?:not[ _])?between$/) {
691 local our $Cur_Col_Meta = $k;
692 my @rhs = map $self->_expand_expr($_),
693 ref($vv) eq 'ARRAY' ? @$vv : $vv;
694 unless (
695 (@rhs == 1 and ref($rhs[0]) eq 'HASH' and $rhs[0]->{-literal})
696 or
697 (@rhs == 2 and defined($rhs[0]) and defined($rhs[1]))
698 ) {
699 puke "Operator '${\uc($vk)}' requires either an arrayref with two defined values or expressions, or a single literal scalarref/arrayref-ref";
b5b18861 700 }
99a65fa8 701 return +{ -op => [
702 join(' ', split '_', $vk),
703 { -ident => $k },
704 @rhs
705 ] }
706 }
707 if ($vk =~ /^(?:not[ _])?in$/) {
708 if (my $literal = is_literal_value($vv)) {
709 my ($sql, @bind) = @$literal;
710 my $opened_sql = $self->_open_outer_paren($sql);
10d07c4e 711 return +{ -op => [
99a65fa8 712 $vk, { -ident => $k },
713 [ { -literal => [ $opened_sql, @bind ] } ]
10d07c4e 714 ] };
715 }
99a65fa8 716 my $undef_err =
717 'SQL::Abstract before v1.75 used to generate incorrect SQL when the '
718 . "-${\uc($vk)} operator was given an undef-containing list: !!!AUDIT YOUR CODE "
719 . 'AND DATA!!! (the upcoming Data::Query-based version of SQL::Abstract '
720 . 'will emit the logically correct SQL instead of raising this exception)'
721 ;
722 puke("Argument passed to the '${\uc($vk)}' operator can not be undefined")
723 if !defined($vv);
724 my @rhs = map $self->_expand_expr($_),
725 map { ref($_) ? $_ : { -bind => [ $k, $_ ] } }
726 map { defined($_) ? $_: puke($undef_err) }
727 (ref($vv) eq 'ARRAY' ? @$vv : $vv);
e175845b 728 return $self->${\($vk =~ /^not/ ? 'sqltrue' : 'sqlfalse')} unless @rhs;
99a65fa8 729
730 return +{ -op => [
731 join(' ', split '_', $vk),
732 { -ident => $k },
733 \@rhs
734 ] };
735 }
736 if ($vk eq 'ident') {
02b8fe35 737 if (! defined $vv or (ref($vv) and ref($vv) eq 'ARRAY')) {
738 puke "-$vk requires a single plain scalar argument (a quotable identifier) or an arrayref of identifier parts";
f7778474 739 }
99a65fa8 740 return +{ -op => [
741 $self->{cmp},
742 { -ident => $k },
743 { -ident => $vv }
744 ] };
745 }
746 if ($vk eq 'value') {
747 return $self->_expand_expr_hashpair($k, undef) unless defined($vv);
748 return +{ -op => [
749 $self->{cmp},
750 { -ident => $k },
751 { -bind => [ $k, $vv ] }
752 ] };
753 }
754 if ($vk =~ /^is(?:[ _]not)?$/) {
755 puke "$vk can only take undef as argument"
756 if defined($vv)
757 and not (
758 ref($vv) eq 'HASH'
759 and exists($vv->{-value})
760 and !defined($vv->{-value})
761 );
762 $vk =~ s/_/ /g;
763 return +{ -op => [ $vk.' null', { -ident => $k } ] };
764 }
765 if ($vk =~ /^(and|or)$/) {
766 if (ref($vv) eq 'HASH') {
e62fe58a 767 return +{ -op => [
768 $vk,
99a65fa8 769 map $self->_expand_expr_hashpair($k, { $_ => $vv->{$_} }),
770 sort keys %$vv
7d7868d1 771 ] };
772 }
e28d9b13 773 }
30af97c5 774 if (my $us = List::Util::first { $vk =~ $_->{regex} } @{$self->{special_ops}}) {
99a65fa8 775 return { -op => [ $vk, { -ident => $k }, $vv ] };
7dbe1183 776 }
96a8d74a 777 if (my $us = List::Util::first { $vk =~ $_->{regex} } @{$self->{unary_ops}}) {
778 return { -op => [
779 $self->{cmp},
780 { -ident => $k },
781 { -op => [ $vk, $vv ] }
782 ] };
783 }
99a65fa8 784 if (ref($vv) eq 'ARRAY') {
785 my ($logic, @values) = (
786 (defined($vv->[0]) and $vv->[0] =~ /^-(and|or)$/i)
787 ? @$vv
788 : (-or => @$vv)
789 );
790 if (
791 $vk =~ $self->{inequality_op}
792 or join(' ', split '_', $vk) =~ $self->{not_like_op}
793 ) {
794 if (lc($logic) eq '-or' and @values > 1) {
795 my $op = uc join ' ', split '_', $vk;
796 belch "A multi-element arrayref as an argument to the inequality op '$op' "
797 . 'is technically equivalent to an always-true 1=1 (you probably wanted '
798 . "to say ...{ \$inequality_op => [ -and => \@values ] }... instead)"
799 ;
800 }
ef071fad 801 }
b3cb13e8 802 unless (@values) {
803 # try to DWIM on equality operators
804 my $op = join ' ', split '_', $vk;
805 return
e175845b 806 $op =~ $self->{equality_op} ? $self->sqlfalse
807 : $op =~ $self->{like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->sqlfalse
808 : $op =~ $self->{inequality_op} ? $self->sqltrue
809 : $op =~ $self->{not_like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->sqltrue
b3cb13e8 810 : puke "operator '$op' applied on an empty array (field '$k')";
811 }
63c97a0b 812 return +{ -op => [
813 $logic =~ /^-(.*)$/,
99a65fa8 814 map $self->_expand_expr_hashpair($k => { $vk => $_ }),
815 @values
816 ] };
817 }
818 if (
819 !defined($vv)
820 or (
821 ref($vv) eq 'HASH'
822 and exists $vv->{-value}
823 and not defined $vv->{-value}
824 )
825 ) {
826 my $op = join ' ', split '_', $vk;
827 my $is =
828 $op =~ /^not$/i ? 'is not' # legacy
829 : $op =~ $self->{equality_op} ? 'is'
830 : $op =~ $self->{like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is'
831 : $op =~ $self->{inequality_op} ? 'is not'
832 : $op =~ $self->{not_like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is not'
833 : puke "unexpected operator '$op' with undef operand";
834 return +{ -op => [ $is.' null', { -ident => $k } ] };
835 }
836 local our $Cur_Col_Meta = $k;
837 return +{ -op => [
838 $vk,
839 { -ident => $k },
840 $self->_expand_expr($vv)
841 ] };
842 }
843 if (ref($v) eq 'ARRAY') {
e175845b 844 return $self->sqlfalse unless @$v;
99a65fa8 845 $self->_debug("ARRAY($k) means distribute over elements");
846 my $this_logic = (
847 $v->[0] =~ /^-((?:and|or))$/i
848 ? ($v = [ @{$v}[1..$#$v] ], $1)
849 : ($self->{logic} || 'or')
850 );
cba28f66 851 return +{ -op => [
852 $this_logic,
853 map $self->_expand_expr({ $k => $_ }, $this_logic), @$v
854 ] };
99a65fa8 855 }
856 if (my $literal = is_literal_value($v)) {
857 unless (length $k) {
858 belch 'Hash-pairs consisting of an empty string with a literal are deprecated, and will be removed in 2.0: use -and => [ $literal ] instead';
859 return \$literal;
860 }
861 my ($sql, @bind) = @$literal;
862 if ($self->{bindtype} eq 'columns') {
863 for (@bind) {
6fb2bd90 864 $self->_assert_bindval_matches_bindtype($_);
aa8d7bdb 865 }
331e2209 866 }
99a65fa8 867 return +{ -literal => [ $self->_quote($k).' '.$sql, @bind ] };
331e2209 868 }
99a65fa8 869 die "notreached";
59588695 870}
871
e175845b 872sub _render_expr {
873 my ($self, $expr) = @_;
874 my ($k, $v, @rest) = %$expr;
875 die "No" if @rest;
b07681b1 876 if (my $meth = $self->{node_types}{$k}) {
181dcebf 877 return $self->$meth($v);
e175845b 878 }
879 die "notreached: $k";
880}
881
96449e8e 882sub _recurse_where {
883 my ($self, $where, $logic) = @_;
884
99a65fa8 885#print STDERR Data::Dumper::Concise::Dumper([ $where, $logic ]);
886
5492d4c2 887 # Special case: top level simple string treated as literal
888
889 my $where_exp = (ref($where)
890 ? $self->_expand_expr($where, $logic)
891 : { -literal => [ $where ] });
a2cd381d 892
99a65fa8 893#print STDERR Data::Dumper::Concise::Dumper([ EXP => $where_exp ]);
894
96449e8e 895 # dispatch on appropriate method according to refkind of $where
e175845b 896# my $method = $self->_METHOD_FOR_refkind("_where", $where_exp);
897
898# my ($sql, @bind) = $self->$method($where_exp, $logic);
311b2151 899
e175845b 900 my ($sql, @bind) = defined($where_exp) ? $self->_render_expr($where_exp) : (undef);
311b2151 901
abe1a491 902 # DBIx::Class used to call _recurse_where in scalar context
903 # something else might too...
904 if (wantarray) {
905 return ($sql, @bind);
906 }
907 else {
908 belch "Calling _recurse_where in scalar context is deprecated and will go away before 2.0";
909 return $sql;
910 }
96449e8e 911}
912
181dcebf 913sub _render_ident {
914 my ($self, $ident) = @_;
cc422895 915
9cf28dfb 916 return $self->_convert($self->_quote($ident));
cc422895 917}
918
181dcebf 919sub _render_value {
920 my ($self, $value) = @_;
cc422895 921
52511ae3 922 return ($self->_convert('?'), $self->_bindtype(undef, $value));
cc422895 923}
924
c452734e 925my %unop_postfix = map +($_ => 1),
926 'is null', 'is not null',
927 'asc', 'desc',
928;
d13725da 929
b5b18861 930my %special = (
931 (map +($_ => do {
932 my $op = $_;
933 sub {
934 my ($self, $args) = @_;
935 my ($left, $low, $high) = @$args;
936 my ($rhsql, @rhbind) = do {
937 if (@$args == 2) {
938 puke "Single arg to between must be a literal"
939 unless $low->{-literal};
940 @{$low->{-literal}}
941 } else {
e56dd780 942 my ($l, $h) = map [ $self->_render_expr($_) ], $low, $high;
b5b18861 943 (join(' ', $l->[0], $self->_sqlcase('and'), $h->[0]),
944 @{$l}[1..$#$l], @{$h}[1..$#$h])
945 }
946 };
e56dd780 947 my ($lhsql, @lhbind) = $self->_render_expr($left);
b5b18861 948 return (
949 join(' ', '(', $lhsql, $self->_sqlcase($op), $rhsql, ')'),
950 @lhbind, @rhbind
951 );
952 }
953 }), 'between', 'not between'),
10d07c4e 954 (map +($_ => do {
955 my $op = $_;
956 sub {
957 my ($self, $args) = @_;
958 my ($lhs, $rhs) = @$args;
959 my @in_bind;
960 my @in_sql = map {
0ce981f8 961 my ($sql, @bind) = $self->_render_expr($_);
10d07c4e 962 push @in_bind, @bind;
963 $sql;
964 } @$rhs;
0ce981f8 965 my ($lhsql, @lbind) = $self->_render_expr($lhs);
10d07c4e 966 return (
967 $lhsql.' '.$self->_sqlcase($op).' ( '
968 .join(', ', @in_sql)
969 .' )',
970 @lbind, @in_bind
971 );
972 }
973 }), 'in', 'not in'),
b5b18861 974);
975
181dcebf 976sub _render_op {
977 my ($self, $v) = @_;
d13725da 978 my ($op, @args) = @$v;
979 $op =~ s/^-// if length($op) > 1;
cba28f66 980 $op = lc($op);
b5b18861 981 if (my $h = $special{$op}) {
982 return $self->$h(\@args);
983 }
3ae10d16 984 my $us = List::Util::first { $op =~ $_->{regex} } @{$self->{special_ops}};
985 if ($us and @args > 1) {
99a65fa8 986 puke "Special op '${op}' requires first value to be identifier"
987 unless my ($k) = map $_->{-ident}, grep ref($_) eq 'HASH', $args[0];
988 return $self->${\($us->{handler})}($k, $op, $args[1]);
989 }
96a8d74a 990 if (my $us = List::Util::first { $op =~ $_->{regex} } @{$self->{unary_ops}}) {
991 return $self->${\($us->{handler})}($op, $args[0]);
992 }
99a65fa8 993 my $final_op = $op =~ /^(?:is|not)_/ ? join(' ', split '_', $op) : $op;
2143604f 994 if (@args == 1 and $op !~ /^(and|or)$/) {
ec857800 995 my ($expr_sql, @bind) = $self->_render_expr($args[0]);
d13725da 996 my $op_sql = $self->_sqlcase($final_op);
997 my $final_sql = (
998 $unop_postfix{lc($final_op)}
999 ? "${expr_sql} ${op_sql}"
1000 : "${op_sql} ${expr_sql}"
1001 );
3ae10d16 1002 return (($op eq 'not' || $us ? '('.$final_sql.')' : $final_sql), @bind);
16d9289c 1003 } else {
ec857800 1004 my @parts = map [ $self->_render_expr($_) ], @args;
59d02991 1005 my ($final_sql) = map +($op =~ /^(and|or)$/ ? "( ${_} )" : $_), join(
2f9c5405 1006 ($final_op eq ',' ? '' : ' ').$self->_sqlcase($final_op).' ',
77617257 1007 map $_->[0], @parts
1008 );
99a65fa8 1009 return (
77617257 1010 $final_sql,
16d9289c 1011 map @{$_}[1..$#$_], @parts
99a65fa8 1012 );
d13725da 1013 }
1014 die "unhandled";
1015}
1016
181dcebf 1017sub _render_func {
1018 my ($self, $rest) = @_;
711892b1 1019 my ($func, @args) = @$rest;
1020 my @arg_sql;
1021 my @bind = map {
1022 my @x = @$_;
1023 push @arg_sql, shift @x;
1024 @x
0f199fce 1025 } map [ $self->_render_expr($_) ], @args;
711892b1 1026 return ($self->_sqlcase($func).'('.join(', ', @arg_sql).')', @bind);
1027}
1028
181dcebf 1029sub _render_bind {
1030 my ($self, $bind) = @_;
d13725da 1031 return ($self->_convert('?'), $self->_bindtype(@$bind));
1032}
1033
181dcebf 1034sub _render_literal {
1035 my ($self, $literal) = @_;
465d43fd 1036 $self->_assert_bindval_matches_bindtype(@{$literal}[1..$#$literal]);
aa8d7bdb 1037 return @$literal;
1038}
1039
4a1f01a3 1040# Some databases (SQLite) treat col IN (1, 2) different from
1041# col IN ( (1, 2) ). Use this to strip all outer parens while
1042# adding them back in the corresponding method
1043sub _open_outer_paren {
1044 my ($self, $sql) = @_;
a5f91feb 1045
ca4f826a 1046 while (my ($inner) = $sql =~ /^ \s* \( (.*) \) \s* $/xs) {
a5f91feb 1047
1048 # there are closing parens inside, need the heavy duty machinery
1049 # to reevaluate the extraction starting from $sql (full reevaluation)
ca4f826a 1050 if ($inner =~ /\)/) {
a5f91feb 1051 require Text::Balanced;
1052
1053 my (undef, $remainder) = do {
1054 # idiotic design - writes to $@ but *DOES NOT* throw exceptions
1055 local $@;
ca4f826a 1056 Text::Balanced::extract_bracketed($sql, '()', qr/\s*/);
a5f91feb 1057 };
1058
1059 # the entire expression needs to be a balanced bracketed thing
1060 # (after an extract no remainder sans trailing space)
1061 last if defined $remainder and $remainder =~ /\S/;
1062 }
1063
1064 $sql = $inner;
1065 }
1066
1067 $sql;
4a1f01a3 1068}
1069
96449e8e 1070
96449e8e 1071#======================================================================
1072# ORDER BY
1073#======================================================================
1074
33177570 1075sub _expand_order_by {
96449e8e 1076 my ($self, $arg) = @_;
1077
33177570 1078 return unless defined($arg) and not (ref($arg) eq 'ARRAY' and !@$arg);
2b6158af 1079
4325df6a 1080 my $expander = sub {
1081 my ($self, $dir, $expr) = @_;
52ca537e 1082 my @to_expand = ref($expr) eq 'ARRAY' ? @$expr : $expr;
1083 foreach my $arg (@to_expand) {
1084 if (
1085 ref($arg) eq 'HASH'
1086 and keys %$arg > 1
1087 and grep /^-(asc|desc)$/, keys %$arg
1088 ) {
1089 puke "ordering direction hash passed to order by must have exactly one key (-asc or -desc)";
1090 }
1091 }
4325df6a 1092 my @exp = map +(defined($dir) ? { -op => [ $dir => $_ ] } : $_),
74156ee9 1093 map $self->_expand_expr($_, undef, -ident),
1094 map ref($_) eq 'ARRAY' ? @$_ : $_, @to_expand;
4325df6a 1095 return (@exp > 1 ? { -op => [ ',', @exp ] } : $exp[0]);
1096 };
18c743c8 1097
ec19b759 1098 local @{$self->{expand_unary}}{qw(-asc -desc)} = (
1099 sub { shift->$expander(asc => @_) },
1100 sub { shift->$expander(desc => @_) },
1101 );
f267b646 1102
33177570 1103 return $self->$expander(undef, $arg);
1104}
1105
1106sub _order_by {
1107 my ($self, $arg) = @_;
1108
1109 return '' unless defined(my $expanded = $self->_expand_order_by($arg));
4325df6a 1110
1111 my ($sql, @bind) = $self->_render_expr($expanded);
1112
1113 my $final_sql = $self->_sqlcase(' order by ').$sql;
1114
1115 return wantarray ? ($final_sql, @bind) : $final_sql;
f267b646 1116}
1117
2e3cc357 1118# _order_by no longer needs to call this so doesn't but DBIC uses it.
1119
33177570 1120sub _order_by_chunks {
1121 my ($self, $arg) = @_;
1122
1123 return () unless defined(my $expanded = $self->_expand_order_by($arg));
1124
2e3cc357 1125 return $self->_chunkify_order_by($expanded);
1126}
1127
1128sub _chunkify_order_by {
1129 my ($self, $expanded) = @_;
33177570 1130 for ($expanded) {
1131 if (ref() eq 'HASH' and my $op = $_->{-op}) {
1132 if ($op->[0] eq ',') {
2e3cc357 1133 return map $self->_chunkify_order_by($_), @{$op}[1..$#$op];
33177570 1134 }
1135 }
1136 return [ $self->_render_expr($_) ];
1137 }
1138}
1139
96449e8e 1140#======================================================================
1141# DATASOURCE (FOR NOW, JUST PLAIN TABLE OR LIST OF TABLES)
1142#======================================================================
1143
1144sub _table {
1145 my $self = shift;
1146 my $from = shift;
7ad12721 1147 ($self->_render_expr(
8476c6a3 1148 $self->_expand_maybe_list_expr($from, undef, -ident)
7ad12721 1149 ))[0];
96449e8e 1150}
1151
1152
1153#======================================================================
1154# UTILITY FUNCTIONS
1155#======================================================================
1156
8476c6a3 1157sub _expand_maybe_list_expr {
1158 my ($self, $expr, $logic, $default) = @_;
bba04f52 1159 my $e = do {
1160 if (ref($expr) eq 'ARRAY') {
1161 return { -op => [
8476c6a3 1162 ',', map $self->_expand_expr($_, $logic, $default), @$expr
bba04f52 1163 ] } if @$expr > 1;
1164 $expr->[0]
1165 } else {
1166 $expr
1167 }
1168 };
1169 return $self->_expand_expr($e, $logic, $default);
8476c6a3 1170}
1171
955e77ca 1172# highly optimized, as it's called way too often
96449e8e 1173sub _quote {
955e77ca 1174 # my ($self, $label) = @_;
96449e8e 1175
955e77ca 1176 return '' unless defined $_[1];
955e77ca 1177 return ${$_[1]} if ref($_[1]) eq 'SCALAR';
d3162b5c 1178 puke 'Identifier cannot be hashref' if ref($_[1]) eq 'HASH';
96449e8e 1179
d3162b5c 1180 unless ($_[0]->{quote_char}) {
1181 if (ref($_[1]) eq 'ARRAY') {
1182 return join($_[0]->{name_sep}||'.', @{$_[1]});
1183 } else {
1184 $_[0]->_assert_pass_injection_guard($_[1]);
1185 return $_[1];
1186 }
1187 }
96449e8e 1188
07d7c35c 1189 my $qref = ref $_[0]->{quote_char};
439834d3 1190 my ($l, $r) =
1191 !$qref ? ($_[0]->{quote_char}, $_[0]->{quote_char})
1192 : ($qref eq 'ARRAY') ? @{$_[0]->{quote_char}}
1193 : puke "Unsupported quote_char format: $_[0]->{quote_char}";
1194
46be4313 1195 my $esc = $_[0]->{escape_char} || $r;
96449e8e 1196
07d7c35c 1197 # parts containing * are naturally unquoted
d3162b5c 1198 return join(
1199 $_[0]->{name_sep}||'',
1200 map +(
1201 $_ eq '*'
1202 ? $_
1203 : do { (my $n = $_) =~ s/(\Q$esc\E|\Q$r\E)/$esc$1/g; $l . $n . $r }
1204 ),
1205 (ref($_[1]) eq 'ARRAY'
1206 ? @{$_[1]}
1207 : (
1208 $_[0]->{name_sep}
1209 ? split (/\Q$_[0]->{name_sep}\E/, $_[1] )
1210 : $_[1]
1211 )
1212 )
955e77ca 1213 );
96449e8e 1214}
1215
1216
1217# Conversion, if applicable
d7c862e0 1218sub _convert {
07d7c35c 1219 #my ($self, $arg) = @_;
7ad12721 1220 if ($_[0]->{convert_where}) {
1221 return $_[0]->_sqlcase($_[0]->{convert_where}) .'(' . $_[1] . ')';
96449e8e 1222 }
07d7c35c 1223 return $_[1];
96449e8e 1224}
1225
1226# And bindtype
d7c862e0 1227sub _bindtype {
07d7c35c 1228 #my ($self, $col, @vals) = @_;
07d7c35c 1229 # called often - tighten code
1230 return $_[0]->{bindtype} eq 'columns'
1231 ? map {[$_[1], $_]} @_[2 .. $#_]
1232 : @_[2 .. $#_]
1233 ;
96449e8e 1234}
1235
fe3ae272 1236# Dies if any element of @bind is not in [colname => value] format
1237# if bindtype is 'columns'.
1238sub _assert_bindval_matches_bindtype {
c94a6c93 1239# my ($self, @bind) = @_;
1240 my $self = shift;
fe3ae272 1241 if ($self->{bindtype} eq 'columns') {
c94a6c93 1242 for (@_) {
1243 if (!defined $_ || ref($_) ne 'ARRAY' || @$_ != 2) {
3a06278c 1244 puke "bindtype 'columns' selected, you need to pass: [column_name => bind_value]"
fe3ae272 1245 }
1246 }
1247 }
1248}
1249
96449e8e 1250sub _join_sql_clauses {
1251 my ($self, $logic, $clauses_aref, $bind_aref) = @_;
1252
1253 if (@$clauses_aref > 1) {
1254 my $join = " " . $self->_sqlcase($logic) . " ";
1255 my $sql = '( ' . join($join, @$clauses_aref) . ' )';
1256 return ($sql, @$bind_aref);
1257 }
1258 elsif (@$clauses_aref) {
1259 return ($clauses_aref->[0], @$bind_aref); # no parentheses
1260 }
1261 else {
1262 return (); # if no SQL, ignore @$bind_aref
1263 }
1264}
1265
1266
1267# Fix SQL case, if so requested
1268sub _sqlcase {
96449e8e 1269 # LDNOTE: if $self->{case} is true, then it contains 'lower', so we
1270 # don't touch the argument ... crooked logic, but let's not change it!
07d7c35c 1271 return $_[0]->{case} ? $_[1] : uc($_[1]);
96449e8e 1272}
1273
1274
1275#======================================================================
1276# DISPATCHING FROM REFKIND
1277#======================================================================
1278
1279sub _refkind {
1280 my ($self, $data) = @_;
96449e8e 1281
955e77ca 1282 return 'UNDEF' unless defined $data;
1283
1284 # blessed objects are treated like scalars
1285 my $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1286
1287 return 'SCALAR' unless $ref;
1288
1289 my $n_steps = 1;
1290 while ($ref eq 'REF') {
96449e8e 1291 $data = $$data;
955e77ca 1292 $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1293 $n_steps++ if $ref;
96449e8e 1294 }
1295
848556bc 1296 return ($ref||'SCALAR') . ('REF' x $n_steps);
96449e8e 1297}
1298
1299sub _try_refkind {
1300 my ($self, $data) = @_;
1301 my @try = ($self->_refkind($data));
1302 push @try, 'SCALAR_or_UNDEF' if $try[0] eq 'SCALAR' || $try[0] eq 'UNDEF';
1303 push @try, 'FALLBACK';
955e77ca 1304 return \@try;
96449e8e 1305}
1306
1307sub _METHOD_FOR_refkind {
1308 my ($self, $meth_prefix, $data) = @_;
f39eaa60 1309
1310 my $method;
955e77ca 1311 for (@{$self->_try_refkind($data)}) {
f39eaa60 1312 $method = $self->can($meth_prefix."_".$_)
1313 and last;
1314 }
1315
1316 return $method || puke "cannot dispatch on '$meth_prefix' for ".$self->_refkind($data);
96449e8e 1317}
1318
1319
1320sub _SWITCH_refkind {
1321 my ($self, $data, $dispatch_table) = @_;
1322
f39eaa60 1323 my $coderef;
955e77ca 1324 for (@{$self->_try_refkind($data)}) {
f39eaa60 1325 $coderef = $dispatch_table->{$_}
1326 and last;
1327 }
1328
1329 puke "no dispatch entry for ".$self->_refkind($data)
1330 unless $coderef;
1331
96449e8e 1332 $coderef->();
1333}
1334
1335
1336
1337
1338#======================================================================
1339# VALUES, GENERATE, AUTOLOAD
1340#======================================================================
1341
1342# LDNOTE: original code from nwiger, didn't touch code in that section
1343# I feel the AUTOLOAD stuff should not be the default, it should
1344# only be activated on explicit demand by user.
1345
1346sub values {
1347 my $self = shift;
1348 my $data = shift || return;
1349 puke "Argument to ", __PACKAGE__, "->values must be a \\%hash"
1350 unless ref $data eq 'HASH';
bab725ce 1351
1352 my @all_bind;
ca4f826a 1353 foreach my $k (sort keys %$data) {
bab725ce 1354 my $v = $data->{$k};
1355 $self->_SWITCH_refkind($v, {
9d48860e 1356 ARRAYREF => sub {
bab725ce 1357 if ($self->{array_datatypes}) { # array datatype
1358 push @all_bind, $self->_bindtype($k, $v);
1359 }
1360 else { # literal SQL with bind
1361 my ($sql, @bind) = @$v;
1362 $self->_assert_bindval_matches_bindtype(@bind);
1363 push @all_bind, @bind;
1364 }
1365 },
1366 ARRAYREFREF => sub { # literal SQL with bind
1367 my ($sql, @bind) = @${$v};
1368 $self->_assert_bindval_matches_bindtype(@bind);
1369 push @all_bind, @bind;
1370 },
1371 SCALARREF => sub { # literal SQL without bind
1372 },
1373 SCALAR_or_UNDEF => sub {
1374 push @all_bind, $self->_bindtype($k, $v);
1375 },
1376 });
1377 }
1378
1379 return @all_bind;
96449e8e 1380}
1381
1382sub generate {
1383 my $self = shift;
1384
1385 my(@sql, @sqlq, @sqlv);
1386
1387 for (@_) {
1388 my $ref = ref $_;
1389 if ($ref eq 'HASH') {
1390 for my $k (sort keys %$_) {
1391 my $v = $_->{$k};
1392 my $r = ref $v;
1393 my $label = $self->_quote($k);
1394 if ($r eq 'ARRAY') {
fe3ae272 1395 # literal SQL with bind
1396 my ($sql, @bind) = @$v;
1397 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1398 push @sqlq, "$label = $sql";
fe3ae272 1399 push @sqlv, @bind;
96449e8e 1400 } elsif ($r eq 'SCALAR') {
fe3ae272 1401 # literal SQL without bind
96449e8e 1402 push @sqlq, "$label = $$v";
9d48860e 1403 } else {
96449e8e 1404 push @sqlq, "$label = ?";
1405 push @sqlv, $self->_bindtype($k, $v);
1406 }
1407 }
1408 push @sql, $self->_sqlcase('set'), join ', ', @sqlq;
1409 } elsif ($ref eq 'ARRAY') {
1410 # unlike insert(), assume these are ONLY the column names, i.e. for SQL
1411 for my $v (@$_) {
1412 my $r = ref $v;
fe3ae272 1413 if ($r eq 'ARRAY') { # literal SQL with bind
1414 my ($sql, @bind) = @$v;
1415 $self->_assert_bindval_matches_bindtype(@bind);
1416 push @sqlq, $sql;
1417 push @sqlv, @bind;
1418 } elsif ($r eq 'SCALAR') { # literal SQL without bind
96449e8e 1419 # embedded literal SQL
1420 push @sqlq, $$v;
9d48860e 1421 } else {
96449e8e 1422 push @sqlq, '?';
1423 push @sqlv, $v;
1424 }
1425 }
1426 push @sql, '(' . join(', ', @sqlq) . ')';
1427 } elsif ($ref eq 'SCALAR') {
1428 # literal SQL
1429 push @sql, $$_;
1430 } else {
1431 # strings get case twiddled
1432 push @sql, $self->_sqlcase($_);
1433 }
1434 }
1435
1436 my $sql = join ' ', @sql;
1437
1438 # this is pretty tricky
1439 # if ask for an array, return ($stmt, @bind)
1440 # otherwise, s/?/shift @sqlv/ to put it inline
1441 if (wantarray) {
1442 return ($sql, @sqlv);
1443 } else {
1444 1 while $sql =~ s/\?/my $d = shift(@sqlv);
1445 ref $d ? $d->[1] : $d/e;
1446 return $sql;
1447 }
1448}
1449
1450
1451sub DESTROY { 1 }
1452
1453sub AUTOLOAD {
1454 # This allows us to check for a local, then _form, attr
1455 my $self = shift;
1456 my($name) = $AUTOLOAD =~ /.*::(.+)/;
1457 return $self->generate($name, @_);
1458}
1459
14601;
1461
1462
1463
1464__END__
32eab2da 1465
1466=head1 NAME
1467
1468SQL::Abstract - Generate SQL from Perl data structures
1469
1470=head1 SYNOPSIS
1471
1472 use SQL::Abstract;
1473
1474 my $sql = SQL::Abstract->new;
1475
85783f3c 1476 my($stmt, @bind) = $sql->select($source, \@fields, \%where, $order);
32eab2da 1477
1478 my($stmt, @bind) = $sql->insert($table, \%fieldvals || \@values);
1479
1480 my($stmt, @bind) = $sql->update($table, \%fieldvals, \%where);
1481
1482 my($stmt, @bind) = $sql->delete($table, \%where);
1483
1484 # Then, use these in your DBI statements
1485 my $sth = $dbh->prepare($stmt);
1486 $sth->execute(@bind);
1487
1488 # Just generate the WHERE clause
85783f3c 1489 my($stmt, @bind) = $sql->where(\%where, $order);
32eab2da 1490
1491 # Return values in the same order, for hashed queries
1492 # See PERFORMANCE section for more details
1493 my @bind = $sql->values(\%fieldvals);
1494
1495=head1 DESCRIPTION
1496
1497This module was inspired by the excellent L<DBIx::Abstract>.
1498However, in using that module I found that what I really wanted
1499to do was generate SQL, but still retain complete control over my
1500statement handles and use the DBI interface. So, I set out to
1501create an abstract SQL generation module.
1502
1503While based on the concepts used by L<DBIx::Abstract>, there are
1504several important differences, especially when it comes to WHERE
1505clauses. I have modified the concepts used to make the SQL easier
1506to generate from Perl data structures and, IMO, more intuitive.
1507The underlying idea is for this module to do what you mean, based
1508on the data structures you provide it. The big advantage is that
1509you don't have to modify your code every time your data changes,
1510as this module figures it out.
1511
1512To begin with, an SQL INSERT is as easy as just specifying a hash
1513of C<key=value> pairs:
1514
1515 my %data = (
1516 name => 'Jimbo Bobson',
1517 phone => '123-456-7890',
1518 address => '42 Sister Lane',
1519 city => 'St. Louis',
1520 state => 'Louisiana',
1521 );
1522
1523The SQL can then be generated with this:
1524
1525 my($stmt, @bind) = $sql->insert('people', \%data);
1526
1527Which would give you something like this:
1528
1529 $stmt = "INSERT INTO people
1530 (address, city, name, phone, state)
1531 VALUES (?, ?, ?, ?, ?)";
1532 @bind = ('42 Sister Lane', 'St. Louis', 'Jimbo Bobson',
1533 '123-456-7890', 'Louisiana');
1534
1535These are then used directly in your DBI code:
1536
1537 my $sth = $dbh->prepare($stmt);
1538 $sth->execute(@bind);
1539
96449e8e 1540=head2 Inserting and Updating Arrays
1541
1542If your database has array types (like for example Postgres),
1543activate the special option C<< array_datatypes => 1 >>
9d48860e 1544when creating the C<SQL::Abstract> object.
96449e8e 1545Then you may use an arrayref to insert and update database array types:
1546
1547 my $sql = SQL::Abstract->new(array_datatypes => 1);
1548 my %data = (
1549 planets => [qw/Mercury Venus Earth Mars/]
1550 );
9d48860e 1551
96449e8e 1552 my($stmt, @bind) = $sql->insert('solar_system', \%data);
1553
1554This results in:
1555
1556 $stmt = "INSERT INTO solar_system (planets) VALUES (?)"
1557
1558 @bind = (['Mercury', 'Venus', 'Earth', 'Mars']);
1559
1560
1561=head2 Inserting and Updating SQL
1562
1563In order to apply SQL functions to elements of your C<%data> you may
1564specify a reference to an arrayref for the given hash value. For example,
1565if you need to execute the Oracle C<to_date> function on a value, you can
1566say something like this:
32eab2da 1567
1568 my %data = (
1569 name => 'Bill',
3ae1c5e2 1570 date_entered => \[ "to_date(?,'MM/DD/YYYY')", "03/02/2003" ],
9d48860e 1571 );
32eab2da 1572
1573The first value in the array is the actual SQL. Any other values are
1574optional and would be included in the bind values array. This gives
1575you:
1576
1577 my($stmt, @bind) = $sql->insert('people', \%data);
1578
9d48860e 1579 $stmt = "INSERT INTO people (name, date_entered)
32eab2da 1580 VALUES (?, to_date(?,'MM/DD/YYYY'))";
1581 @bind = ('Bill', '03/02/2003');
1582
1583An UPDATE is just as easy, all you change is the name of the function:
1584
1585 my($stmt, @bind) = $sql->update('people', \%data);
1586
1587Notice that your C<%data> isn't touched; the module will generate
1588the appropriately quirky SQL for you automatically. Usually you'll
1589want to specify a WHERE clause for your UPDATE, though, which is
1590where handling C<%where> hashes comes in handy...
1591
96449e8e 1592=head2 Complex where statements
1593
32eab2da 1594This module can generate pretty complicated WHERE statements
1595easily. For example, simple C<key=value> pairs are taken to mean
1596equality, and if you want to see if a field is within a set
1597of values, you can use an arrayref. Let's say we wanted to
1598SELECT some data based on this criteria:
1599
1600 my %where = (
1601 requestor => 'inna',
1602 worker => ['nwiger', 'rcwe', 'sfz'],
1603 status => { '!=', 'completed' }
1604 );
1605
1606 my($stmt, @bind) = $sql->select('tickets', '*', \%where);
1607
1608The above would give you something like this:
1609
1610 $stmt = "SELECT * FROM tickets WHERE
1611 ( requestor = ? ) AND ( status != ? )
1612 AND ( worker = ? OR worker = ? OR worker = ? )";
1613 @bind = ('inna', 'completed', 'nwiger', 'rcwe', 'sfz');
1614
1615Which you could then use in DBI code like so:
1616
1617 my $sth = $dbh->prepare($stmt);
1618 $sth->execute(@bind);
1619
1620Easy, eh?
1621
0da0fe34 1622=head1 METHODS
32eab2da 1623
13cc86af 1624The methods are simple. There's one for every major SQL operation,
32eab2da 1625and a constructor you use first. The arguments are specified in a
13cc86af 1626similar order for each method (table, then fields, then a where
32eab2da 1627clause) to try and simplify things.
1628
32eab2da 1629=head2 new(option => 'value')
1630
1631The C<new()> function takes a list of options and values, and returns
1632a new B<SQL::Abstract> object which can then be used to generate SQL
1633through the methods below. The options accepted are:
1634
1635=over
1636
1637=item case
1638
1639If set to 'lower', then SQL will be generated in all lowercase. By
1640default SQL is generated in "textbook" case meaning something like:
1641
1642 SELECT a_field FROM a_table WHERE some_field LIKE '%someval%'
1643
96449e8e 1644Any setting other than 'lower' is ignored.
1645
32eab2da 1646=item cmp
1647
1648This determines what the default comparison operator is. By default
1649it is C<=>, meaning that a hash like this:
1650
1651 %where = (name => 'nwiger', email => 'nate@wiger.org');
1652
1653Will generate SQL like this:
1654
1655 WHERE name = 'nwiger' AND email = 'nate@wiger.org'
1656
1657However, you may want loose comparisons by default, so if you set
1658C<cmp> to C<like> you would get SQL such as:
1659
1660 WHERE name like 'nwiger' AND email like 'nate@wiger.org'
1661
3af02ccb 1662You can also override the comparison on an individual basis - see
32eab2da 1663the huge section on L</"WHERE CLAUSES"> at the bottom.
1664
96449e8e 1665=item sqltrue, sqlfalse
1666
1667Expressions for inserting boolean values within SQL statements.
6e0c6552 1668By default these are C<1=1> and C<1=0>. They are used
1669by the special operators C<-in> and C<-not_in> for generating
1670correct SQL even when the argument is an empty array (see below).
96449e8e 1671
32eab2da 1672=item logic
1673
1674This determines the default logical operator for multiple WHERE
7cac25e6 1675statements in arrays or hashes. If absent, the default logic is "or"
1676for arrays, and "and" for hashes. This means that a WHERE
32eab2da 1677array of the form:
1678
1679 @where = (
9d48860e 1680 event_date => {'>=', '2/13/99'},
1681 event_date => {'<=', '4/24/03'},
32eab2da 1682 );
1683
7cac25e6 1684will generate SQL like this:
32eab2da 1685
1686 WHERE event_date >= '2/13/99' OR event_date <= '4/24/03'
1687
1688This is probably not what you want given this query, though (look
1689at the dates). To change the "OR" to an "AND", simply specify:
1690
1691 my $sql = SQL::Abstract->new(logic => 'and');
1692
1693Which will change the above C<WHERE> to:
1694
1695 WHERE event_date >= '2/13/99' AND event_date <= '4/24/03'
1696
96449e8e 1697The logic can also be changed locally by inserting
be21dde3 1698a modifier in front of an arrayref:
96449e8e 1699
9d48860e 1700 @where = (-and => [event_date => {'>=', '2/13/99'},
7cac25e6 1701 event_date => {'<=', '4/24/03'} ]);
96449e8e 1702
1703See the L</"WHERE CLAUSES"> section for explanations.
1704
32eab2da 1705=item convert
1706
1707This will automatically convert comparisons using the specified SQL
1708function for both column and value. This is mostly used with an argument
1709of C<upper> or C<lower>, so that the SQL will have the effect of
1710case-insensitive "searches". For example, this:
1711
1712 $sql = SQL::Abstract->new(convert => 'upper');
1713 %where = (keywords => 'MaKe iT CAse inSeNSItive');
1714
1715Will turn out the following SQL:
1716
1717 WHERE upper(keywords) like upper('MaKe iT CAse inSeNSItive')
1718
1719The conversion can be C<upper()>, C<lower()>, or any other SQL function
1720that can be applied symmetrically to fields (actually B<SQL::Abstract> does
1721not validate this option; it will just pass through what you specify verbatim).
1722
1723=item bindtype
1724
1725This is a kludge because many databases suck. For example, you can't
1726just bind values using DBI's C<execute()> for Oracle C<CLOB> or C<BLOB> fields.
1727Instead, you have to use C<bind_param()>:
1728
1729 $sth->bind_param(1, 'reg data');
1730 $sth->bind_param(2, $lots, {ora_type => ORA_CLOB});
1731
1732The problem is, B<SQL::Abstract> will normally just return a C<@bind> array,
1733which loses track of which field each slot refers to. Fear not.
1734
1735If you specify C<bindtype> in new, you can determine how C<@bind> is returned.
1736Currently, you can specify either C<normal> (default) or C<columns>. If you
1737specify C<columns>, you will get an array that looks like this:
1738
1739 my $sql = SQL::Abstract->new(bindtype => 'columns');
1740 my($stmt, @bind) = $sql->insert(...);
1741
1742 @bind = (
1743 [ 'column1', 'value1' ],
1744 [ 'column2', 'value2' ],
1745 [ 'column3', 'value3' ],
1746 );
1747
1748You can then iterate through this manually, using DBI's C<bind_param()>.
e3f9dff4 1749
32eab2da 1750 $sth->prepare($stmt);
1751 my $i = 1;
1752 for (@bind) {
1753 my($col, $data) = @$_;
1754 if ($col eq 'details' || $col eq 'comments') {
1755 $sth->bind_param($i, $data, {ora_type => ORA_CLOB});
1756 } elsif ($col eq 'image') {
1757 $sth->bind_param($i, $data, {ora_type => ORA_BLOB});
1758 } else {
1759 $sth->bind_param($i, $data);
1760 }
1761 $i++;
1762 }
1763 $sth->execute; # execute without @bind now
1764
1765Now, why would you still use B<SQL::Abstract> if you have to do this crap?
1766Basically, the advantage is still that you don't have to care which fields
1767are or are not included. You could wrap that above C<for> loop in a simple
1768sub called C<bind_fields()> or something and reuse it repeatedly. You still
1769get a layer of abstraction over manual SQL specification.
1770
3ae1c5e2 1771Note that if you set L</bindtype> to C<columns>, the C<\[ $sql, @bind ]>
deb148a2 1772construct (see L</Literal SQL with placeholders and bind values (subqueries)>)
1773will expect the bind values in this format.
1774
32eab2da 1775=item quote_char
1776
1777This is the character that a table or column name will be quoted
9d48860e 1778with. By default this is an empty string, but you could set it to
32eab2da 1779the character C<`>, to generate SQL like this:
1780
1781 SELECT `a_field` FROM `a_table` WHERE `some_field` LIKE '%someval%'
1782
96449e8e 1783Alternatively, you can supply an array ref of two items, the first being the left
1784hand quote character, and the second the right hand quote character. For
1785example, you could supply C<['[',']']> for SQL Server 2000 compliant quotes
1786that generates SQL like this:
1787
1788 SELECT [a_field] FROM [a_table] WHERE [some_field] LIKE '%someval%'
1789
9d48860e 1790Quoting is useful if you have tables or columns names that are reserved
96449e8e 1791words in your database's SQL dialect.
32eab2da 1792
46be4313 1793=item escape_char
1794
1795This is the character that will be used to escape L</quote_char>s appearing
1796in an identifier before it has been quoted.
1797
80790166 1798The parameter default in case of a single L</quote_char> character is the quote
46be4313 1799character itself.
1800
1801When opening-closing-style quoting is used (L</quote_char> is an arrayref)
9de2bd86 1802this parameter defaults to the B<closing (right)> L</quote_char>. Occurrences
46be4313 1803of the B<opening (left)> L</quote_char> within the identifier are currently left
1804untouched. The default for opening-closing-style quotes may change in future
1805versions, thus you are B<strongly encouraged> to specify the escape character
1806explicitly.
1807
32eab2da 1808=item name_sep
1809
1810This is the character that separates a table and column name. It is
1811necessary to specify this when the C<quote_char> option is selected,
1812so that tables and column names can be individually quoted like this:
1813
1814 SELECT `table`.`one_field` FROM `table` WHERE `table`.`other_field` = 1
1815
b6251592 1816=item injection_guard
1817
1818A regular expression C<qr/.../> that is applied to any C<-function> and unquoted
1819column name specified in a query structure. This is a safety mechanism to avoid
1820injection attacks when mishandling user input e.g.:
1821
1822 my %condition_as_column_value_pairs = get_values_from_user();
1823 $sqla->select( ... , \%condition_as_column_value_pairs );
1824
1825If the expression matches an exception is thrown. Note that literal SQL
1826supplied via C<\'...'> or C<\['...']> is B<not> checked in any way.
1827
1828Defaults to checking for C<;> and the C<GO> keyword (TransactSQL)
1829
96449e8e 1830=item array_datatypes
32eab2da 1831
9d48860e 1832When this option is true, arrayrefs in INSERT or UPDATE are
1833interpreted as array datatypes and are passed directly
96449e8e 1834to the DBI layer.
1835When this option is false, arrayrefs are interpreted
1836as literal SQL, just like refs to arrayrefs
1837(but this behavior is for backwards compatibility; when writing
1838new queries, use the "reference to arrayref" syntax
1839for literal SQL).
32eab2da 1840
32eab2da 1841
96449e8e 1842=item special_ops
32eab2da 1843
9d48860e 1844Takes a reference to a list of "special operators"
96449e8e 1845to extend the syntax understood by L<SQL::Abstract>.
1846See section L</"SPECIAL OPERATORS"> for details.
32eab2da 1847
59f23b3d 1848=item unary_ops
1849
9d48860e 1850Takes a reference to a list of "unary operators"
59f23b3d 1851to extend the syntax understood by L<SQL::Abstract>.
1852See section L</"UNARY OPERATORS"> for details.
1853
32eab2da 1854
32eab2da 1855
96449e8e 1856=back
32eab2da 1857
02288357 1858=head2 insert($table, \@values || \%fieldvals, \%options)
32eab2da 1859
1860This is the simplest function. You simply give it a table name
1861and either an arrayref of values or hashref of field/value pairs.
1862It returns an SQL INSERT statement and a list of bind values.
96449e8e 1863See the sections on L</"Inserting and Updating Arrays"> and
1864L</"Inserting and Updating SQL"> for information on how to insert
1865with those data types.
32eab2da 1866
02288357 1867The optional C<\%options> hash reference may contain additional
1868options to generate the insert SQL. Currently supported options
1869are:
1870
1871=over 4
1872
1873=item returning
1874
1875Takes either a scalar of raw SQL fields, or an array reference of
1876field names, and adds on an SQL C<RETURNING> statement at the end.
1877This allows you to return data generated by the insert statement
1878(such as row IDs) without performing another C<SELECT> statement.
1879Note, however, this is not part of the SQL standard and may not
1880be supported by all database engines.
1881
1882=back
1883
95904db5 1884=head2 update($table, \%fieldvals, \%where, \%options)
32eab2da 1885
1886This takes a table, hashref of field/value pairs, and an optional
86298391 1887hashref L<WHERE clause|/WHERE CLAUSES>. It returns an SQL UPDATE function and a list
32eab2da 1888of bind values.
96449e8e 1889See the sections on L</"Inserting and Updating Arrays"> and
1890L</"Inserting and Updating SQL"> for information on how to insert
1891with those data types.
32eab2da 1892
95904db5 1893The optional C<\%options> hash reference may contain additional
1894options to generate the update SQL. Currently supported options
1895are:
1896
1897=over 4
1898
1899=item returning
1900
1901See the C<returning> option to
1902L<insert|/insert($table, \@values || \%fieldvals, \%options)>.
1903
1904=back
1905
96449e8e 1906=head2 select($source, $fields, $where, $order)
32eab2da 1907
9d48860e 1908This returns a SQL SELECT statement and associated list of bind values, as
be21dde3 1909specified by the arguments:
32eab2da 1910
96449e8e 1911=over
32eab2da 1912
96449e8e 1913=item $source
32eab2da 1914
9d48860e 1915Specification of the 'FROM' part of the statement.
96449e8e 1916The argument can be either a plain scalar (interpreted as a table
1917name, will be quoted), or an arrayref (interpreted as a list
1918of table names, joined by commas, quoted), or a scalarref
063097a3 1919(literal SQL, not quoted).
32eab2da 1920
96449e8e 1921=item $fields
32eab2da 1922
9d48860e 1923Specification of the list of fields to retrieve from
96449e8e 1924the source.
1925The argument can be either an arrayref (interpreted as a list
9d48860e 1926of field names, will be joined by commas and quoted), or a
96449e8e 1927plain scalar (literal SQL, not quoted).
521647e7 1928Please observe that this API is not as flexible as that of
1929the first argument C<$source>, for backwards compatibility reasons.
32eab2da 1930
96449e8e 1931=item $where
32eab2da 1932
96449e8e 1933Optional argument to specify the WHERE part of the query.
1934The argument is most often a hashref, but can also be
9d48860e 1935an arrayref or plain scalar --
96449e8e 1936see section L<WHERE clause|/"WHERE CLAUSES"> for details.
32eab2da 1937
96449e8e 1938=item $order
32eab2da 1939
96449e8e 1940Optional argument to specify the ORDER BY part of the query.
9d48860e 1941The argument can be a scalar, a hashref or an arrayref
96449e8e 1942-- see section L<ORDER BY clause|/"ORDER BY CLAUSES">
1943for details.
32eab2da 1944
96449e8e 1945=back
32eab2da 1946
32eab2da 1947
85327cd5 1948=head2 delete($table, \%where, \%options)
32eab2da 1949
86298391 1950This takes a table name and optional hashref L<WHERE clause|/WHERE CLAUSES>.
32eab2da 1951It returns an SQL DELETE statement and list of bind values.
1952
85327cd5 1953The optional C<\%options> hash reference may contain additional
1954options to generate the delete SQL. Currently supported options
1955are:
1956
1957=over 4
1958
1959=item returning
1960
1961See the C<returning> option to
1962L<insert|/insert($table, \@values || \%fieldvals, \%options)>.
1963
1964=back
1965
85783f3c 1966=head2 where(\%where, $order)
32eab2da 1967
1968This is used to generate just the WHERE clause. For example,
1969if you have an arbitrary data structure and know what the
1970rest of your SQL is going to look like, but want an easy way
1971to produce a WHERE clause, use this. It returns an SQL WHERE
1972clause and list of bind values.
1973
32eab2da 1974
1975=head2 values(\%data)
1976
1977This just returns the values from the hash C<%data>, in the same
1978order that would be returned from any of the other above queries.
1979Using this allows you to markedly speed up your queries if you
1980are affecting lots of rows. See below under the L</"PERFORMANCE"> section.
1981
32eab2da 1982=head2 generate($any, 'number', $of, \@data, $struct, \%types)
1983
1984Warning: This is an experimental method and subject to change.
1985
1986This returns arbitrarily generated SQL. It's a really basic shortcut.
1987It will return two different things, depending on return context:
1988
1989 my($stmt, @bind) = $sql->generate('create table', \$table, \@fields);
1990 my $stmt_and_val = $sql->generate('create table', \$table, \@fields);
1991
1992These would return the following:
1993
1994 # First calling form
1995 $stmt = "CREATE TABLE test (?, ?)";
1996 @bind = (field1, field2);
1997
1998 # Second calling form
1999 $stmt_and_val = "CREATE TABLE test (field1, field2)";
2000
2001Depending on what you're trying to do, it's up to you to choose the correct
2002format. In this example, the second form is what you would want.
2003
2004By the same token:
2005
2006 $sql->generate('alter session', { nls_date_format => 'MM/YY' });
2007
2008Might give you:
2009
2010 ALTER SESSION SET nls_date_format = 'MM/YY'
2011
2012You get the idea. Strings get their case twiddled, but everything
2013else remains verbatim.
2014
0da0fe34 2015=head1 EXPORTABLE FUNCTIONS
2016
2017=head2 is_plain_value
2018
2019Determines if the supplied argument is a plain value as understood by this
2020module:
2021
2022=over
2023
2024=item * The value is C<undef>
2025
2026=item * The value is a non-reference
2027
2028=item * The value is an object with stringification overloading
2029
2030=item * The value is of the form C<< { -value => $anything } >>
2031
2032=back
2033
9de2bd86 2034On failure returns C<undef>, on success returns a B<scalar> reference
966200cc 2035to the original supplied argument.
0da0fe34 2036
843a94b5 2037=over
2038
2039=item * Note
2040
2041The stringification overloading detection is rather advanced: it takes
2042into consideration not only the presence of a C<""> overload, but if that
2043fails also checks for enabled
2044L<autogenerated versions of C<"">|overload/Magic Autogeneration>, based
2045on either C<0+> or C<bool>.
2046
2047Unfortunately testing in the field indicates that this
2048detection B<< may tickle a latent bug in perl versions before 5.018 >>,
2049but only when very large numbers of stringifying objects are involved.
2050At the time of writing ( Sep 2014 ) there is no clear explanation of
2051the direct cause, nor is there a manageably small test case that reliably
2052reproduces the problem.
2053
2054If you encounter any of the following exceptions in B<random places within
2055your application stack> - this module may be to blame:
2056
2057 Operation "ne": no method found,
2058 left argument in overloaded package <something>,
2059 right argument in overloaded package <something>
2060
2061or perhaps even
2062
2063 Stub found while resolving method "???" overloading """" in package <something>
2064
2065If you fall victim to the above - please attempt to reduce the problem
2066to something that could be sent to the L<SQL::Abstract developers
1f490ae4 2067|DBIx::Class/GETTING HELP/SUPPORT>
843a94b5 2068(either publicly or privately). As a workaround in the meantime you can
2069set C<$ENV{SQLA_ISVALUE_IGNORE_AUTOGENERATED_STRINGIFICATION}> to a true
2070value, which will most likely eliminate your problem (at the expense of
2071not being able to properly detect exotic forms of stringification).
2072
2073This notice and environment variable will be removed in a future version,
2074as soon as the underlying problem is found and a reliable workaround is
2075devised.
2076
2077=back
2078
0da0fe34 2079=head2 is_literal_value
2080
2081Determines if the supplied argument is a literal value as understood by this
2082module:
2083
2084=over
2085
2086=item * C<\$sql_string>
2087
2088=item * C<\[ $sql_string, @bind_values ]>
2089
0da0fe34 2090=back
2091
9de2bd86 2092On failure returns C<undef>, on success returns an B<array> reference
966200cc 2093containing the unpacked version of the supplied literal SQL and bind values.
0da0fe34 2094
32eab2da 2095=head1 WHERE CLAUSES
2096
96449e8e 2097=head2 Introduction
2098
32eab2da 2099This module uses a variation on the idea from L<DBIx::Abstract>. It
2100is B<NOT>, repeat I<not> 100% compatible. B<The main logic of this
2101module is that things in arrays are OR'ed, and things in hashes
2102are AND'ed.>
2103
2104The easiest way to explain is to show lots of examples. After
2105each C<%where> hash shown, it is assumed you used:
2106
2107 my($stmt, @bind) = $sql->where(\%where);
2108
2109However, note that the C<%where> hash can be used directly in any
2110of the other functions as well, as described above.
2111
96449e8e 2112=head2 Key-value pairs
2113
32eab2da 2114So, let's get started. To begin, a simple hash:
2115
2116 my %where = (
2117 user => 'nwiger',
2118 status => 'completed'
2119 );
2120
2121Is converted to SQL C<key = val> statements:
2122
2123 $stmt = "WHERE user = ? AND status = ?";
2124 @bind = ('nwiger', 'completed');
2125
2126One common thing I end up doing is having a list of values that
2127a field can be in. To do this, simply specify a list inside of
2128an arrayref:
2129
2130 my %where = (
2131 user => 'nwiger',
2132 status => ['assigned', 'in-progress', 'pending'];
2133 );
2134
2135This simple code will create the following:
9d48860e 2136
32eab2da 2137 $stmt = "WHERE user = ? AND ( status = ? OR status = ? OR status = ? )";
2138 @bind = ('nwiger', 'assigned', 'in-progress', 'pending');
2139
9d48860e 2140A field associated to an empty arrayref will be considered a
7cac25e6 2141logical false and will generate 0=1.
8a68b5be 2142
b864ba9b 2143=head2 Tests for NULL values
2144
2145If the value part is C<undef> then this is converted to SQL <IS NULL>
2146
2147 my %where = (
2148 user => 'nwiger',
2149 status => undef,
2150 );
2151
2152becomes:
2153
2154 $stmt = "WHERE user = ? AND status IS NULL";
2155 @bind = ('nwiger');
2156
e9614080 2157To test if a column IS NOT NULL:
2158
2159 my %where = (
2160 user => 'nwiger',
2161 status => { '!=', undef },
2162 );
cc422895 2163
6e0c6552 2164=head2 Specific comparison operators
96449e8e 2165
32eab2da 2166If you want to specify a different type of operator for your comparison,
2167you can use a hashref for a given column:
2168
2169 my %where = (
2170 user => 'nwiger',
2171 status => { '!=', 'completed' }
2172 );
2173
2174Which would generate:
2175
2176 $stmt = "WHERE user = ? AND status != ?";
2177 @bind = ('nwiger', 'completed');
2178
2179To test against multiple values, just enclose the values in an arrayref:
2180
96449e8e 2181 status => { '=', ['assigned', 'in-progress', 'pending'] };
2182
f2d5020d 2183Which would give you:
96449e8e 2184
2185 "WHERE status = ? OR status = ? OR status = ?"
2186
2187
2188The hashref can also contain multiple pairs, in which case it is expanded
32eab2da 2189into an C<AND> of its elements:
2190
2191 my %where = (
2192 user => 'nwiger',
2193 status => { '!=', 'completed', -not_like => 'pending%' }
2194 );
2195
2196 # Or more dynamically, like from a form
2197 $where{user} = 'nwiger';
2198 $where{status}{'!='} = 'completed';
2199 $where{status}{'-not_like'} = 'pending%';
2200
2201 # Both generate this
2202 $stmt = "WHERE user = ? AND status != ? AND status NOT LIKE ?";
2203 @bind = ('nwiger', 'completed', 'pending%');
2204
96449e8e 2205
32eab2da 2206To get an OR instead, you can combine it with the arrayref idea:
2207
2208 my %where => (
2209 user => 'nwiger',
1a6f2a03 2210 priority => [ { '=', 2 }, { '>', 5 } ]
32eab2da 2211 );
2212
2213Which would generate:
2214
1a6f2a03 2215 $stmt = "WHERE ( priority = ? OR priority > ? ) AND user = ?";
2216 @bind = ('2', '5', 'nwiger');
32eab2da 2217
44b9e502 2218If you want to include literal SQL (with or without bind values), just use a
13cc86af 2219scalar reference or reference to an arrayref as the value:
44b9e502 2220
2221 my %where = (
2222 date_entered => { '>' => \["to_date(?, 'MM/DD/YYYY')", "11/26/2008"] },
2223 date_expires => { '<' => \"now()" }
2224 );
2225
2226Which would generate:
2227
13cc86af 2228 $stmt = "WHERE date_entered > to_date(?, 'MM/DD/YYYY') AND date_expires < now()";
44b9e502 2229 @bind = ('11/26/2008');
2230
96449e8e 2231
2232=head2 Logic and nesting operators
2233
2234In the example above,
2235there is a subtle trap if you want to say something like
32eab2da 2236this (notice the C<AND>):
2237
2238 WHERE priority != ? AND priority != ?
2239
2240Because, in Perl you I<can't> do this:
2241
13cc86af 2242 priority => { '!=' => 2, '!=' => 1 }
32eab2da 2243
2244As the second C<!=> key will obliterate the first. The solution
2245is to use the special C<-modifier> form inside an arrayref:
2246
9d48860e 2247 priority => [ -and => {'!=', 2},
96449e8e 2248 {'!=', 1} ]
2249
32eab2da 2250
2251Normally, these would be joined by C<OR>, but the modifier tells it
2252to use C<AND> instead. (Hint: You can use this in conjunction with the
2253C<logic> option to C<new()> in order to change the way your queries
2254work by default.) B<Important:> Note that the C<-modifier> goes
2255B<INSIDE> the arrayref, as an extra first element. This will
2256B<NOT> do what you think it might:
2257
2258 priority => -and => [{'!=', 2}, {'!=', 1}] # WRONG!
2259
2260Here is a quick list of equivalencies, since there is some overlap:
2261
2262 # Same
2263 status => {'!=', 'completed', 'not like', 'pending%' }
2264 status => [ -and => {'!=', 'completed'}, {'not like', 'pending%'}]
2265
2266 # Same
2267 status => {'=', ['assigned', 'in-progress']}
2268 status => [ -or => {'=', 'assigned'}, {'=', 'in-progress'}]
2269 status => [ {'=', 'assigned'}, {'=', 'in-progress'} ]
2270
e3f9dff4 2271
2272
be21dde3 2273=head2 Special operators: IN, BETWEEN, etc.
96449e8e 2274
32eab2da 2275You can also use the hashref format to compare a list of fields using the
2276C<IN> comparison operator, by specifying the list as an arrayref:
2277
2278 my %where = (
2279 status => 'completed',
2280 reportid => { -in => [567, 2335, 2] }
2281 );
2282
2283Which would generate:
2284
2285 $stmt = "WHERE status = ? AND reportid IN (?,?,?)";
2286 @bind = ('completed', '567', '2335', '2');
2287
9d48860e 2288The reverse operator C<-not_in> generates SQL C<NOT IN> and is used in
96449e8e 2289the same way.
2290
6e0c6552 2291If the argument to C<-in> is an empty array, 'sqlfalse' is generated
be21dde3 2292(by default: C<1=0>). Similarly, C<< -not_in => [] >> generates
2293'sqltrue' (by default: C<1=1>).
6e0c6552 2294
e41c3bdd 2295In addition to the array you can supply a chunk of literal sql or
2296literal sql with bind:
6e0c6552 2297
e41c3bdd 2298 my %where = {
2299 customer => { -in => \[
2300 'SELECT cust_id FROM cust WHERE balance > ?',
2301 2000,
2302 ],
2303 status => { -in => \'SELECT status_codes FROM states' },
2304 };
6e0c6552 2305
e41c3bdd 2306would generate:
2307
2308 $stmt = "WHERE (
2309 customer IN ( SELECT cust_id FROM cust WHERE balance > ? )
2310 AND status IN ( SELECT status_codes FROM states )
2311 )";
2312 @bind = ('2000');
2313
0dfd2442 2314Finally, if the argument to C<-in> is not a reference, it will be
2315treated as a single-element array.
e41c3bdd 2316
2317Another pair of operators is C<-between> and C<-not_between>,
96449e8e 2318used with an arrayref of two values:
32eab2da 2319
2320 my %where = (
2321 user => 'nwiger',
2322 completion_date => {
2323 -not_between => ['2002-10-01', '2003-02-06']
2324 }
2325 );
2326
2327Would give you:
2328
2329 WHERE user = ? AND completion_date NOT BETWEEN ( ? AND ? )
2330
e41c3bdd 2331Just like with C<-in> all plausible combinations of literal SQL
2332are possible:
2333
2334 my %where = {
2335 start0 => { -between => [ 1, 2 ] },
2336 start1 => { -between => \["? AND ?", 1, 2] },
2337 start2 => { -between => \"lower(x) AND upper(y)" },
9d48860e 2338 start3 => { -between => [
e41c3bdd 2339 \"lower(x)",
2340 \["upper(?)", 'stuff' ],
2341 ] },
2342 };
2343
2344Would give you:
2345
2346 $stmt = "WHERE (
2347 ( start0 BETWEEN ? AND ? )
2348 AND ( start1 BETWEEN ? AND ? )
2349 AND ( start2 BETWEEN lower(x) AND upper(y) )
2350 AND ( start3 BETWEEN lower(x) AND upper(?) )
2351 )";
2352 @bind = (1, 2, 1, 2, 'stuff');
2353
2354
9d48860e 2355These are the two builtin "special operators"; but the
be21dde3 2356list can be expanded: see section L</"SPECIAL OPERATORS"> below.
96449e8e 2357
59f23b3d 2358=head2 Unary operators: bool
97a920ef 2359
2360If you wish to test against boolean columns or functions within your
2361database you can use the C<-bool> and C<-not_bool> operators. For
2362example to test the column C<is_user> being true and the column
827bb0eb 2363C<is_enabled> being false you would use:-
97a920ef 2364
2365 my %where = (
2366 -bool => 'is_user',
2367 -not_bool => 'is_enabled',
2368 );
2369
2370Would give you:
2371
277b5d3f 2372 WHERE is_user AND NOT is_enabled
97a920ef 2373
0b604e9d 2374If a more complex combination is required, testing more conditions,
2375then you should use the and/or operators:-
2376
2377 my %where = (
2378 -and => [
2379 -bool => 'one',
23401b81 2380 -not_bool => { two=> { -rlike => 'bar' } },
2381 -not_bool => { three => [ { '=', 2 }, { '>', 5 } ] },
0b604e9d 2382 ],
2383 );
2384
2385Would give you:
2386
23401b81 2387 WHERE
2388 one
2389 AND
2390 (NOT two RLIKE ?)
2391 AND
2392 (NOT ( three = ? OR three > ? ))
97a920ef 2393
2394
107b72f1 2395=head2 Nested conditions, -and/-or prefixes
96449e8e 2396
32eab2da 2397So far, we've seen how multiple conditions are joined with a top-level
2398C<AND>. We can change this by putting the different conditions we want in
2399hashes and then putting those hashes in an array. For example:
2400
2401 my @where = (
2402 {
2403 user => 'nwiger',
2404 status => { -like => ['pending%', 'dispatched'] },
2405 },
2406 {
2407 user => 'robot',
2408 status => 'unassigned',
2409 }
2410 );
2411
2412This data structure would create the following:
2413
2414 $stmt = "WHERE ( user = ? AND ( status LIKE ? OR status LIKE ? ) )
2415 OR ( user = ? AND status = ? ) )";
2416 @bind = ('nwiger', 'pending', 'dispatched', 'robot', 'unassigned');
2417
107b72f1 2418
48d9f5f8 2419Clauses in hashrefs or arrayrefs can be prefixed with an C<-and> or C<-or>
be21dde3 2420to change the logic inside:
32eab2da 2421
2422 my @where = (
2423 -and => [
2424 user => 'nwiger',
48d9f5f8 2425 [
2426 -and => [ workhrs => {'>', 20}, geo => 'ASIA' ],
2427 -or => { workhrs => {'<', 50}, geo => 'EURO' },
32eab2da 2428 ],
2429 ],
2430 );
2431
2432That would yield:
2433
13cc86af 2434 $stmt = "WHERE ( user = ?
2435 AND ( ( workhrs > ? AND geo = ? )
2436 OR ( workhrs < ? OR geo = ? ) ) )";
2437 @bind = ('nwiger', '20', 'ASIA', '50', 'EURO');
107b72f1 2438
cc422895 2439=head3 Algebraic inconsistency, for historical reasons
107b72f1 2440
7cac25e6 2441C<Important note>: when connecting several conditions, the C<-and->|C<-or>
2442operator goes C<outside> of the nested structure; whereas when connecting
2443several constraints on one column, the C<-and> operator goes
be21dde3 2444C<inside> the arrayref. Here is an example combining both features:
7cac25e6 2445
2446 my @where = (
2447 -and => [a => 1, b => 2],
2448 -or => [c => 3, d => 4],
2449 e => [-and => {-like => 'foo%'}, {-like => '%bar'} ]
2450 )
2451
2452yielding
2453
9d48860e 2454 WHERE ( ( ( a = ? AND b = ? )
2455 OR ( c = ? OR d = ? )
7cac25e6 2456 OR ( e LIKE ? AND e LIKE ? ) ) )
2457
107b72f1 2458This difference in syntax is unfortunate but must be preserved for
be21dde3 2459historical reasons. So be careful: the two examples below would
107b72f1 2460seem algebraically equivalent, but they are not
2461
a948b1fe 2462 { col => [ -and =>
2463 { -like => 'foo%' },
2464 { -like => '%bar' },
2465 ] }
be21dde3 2466 # yields: WHERE ( ( col LIKE ? AND col LIKE ? ) )
107b72f1 2467
a948b1fe 2468 [ -and =>
2469 { col => { -like => 'foo%' } },
2470 { col => { -like => '%bar' } },
2471 ]
be21dde3 2472 # yields: WHERE ( ( col LIKE ? OR col LIKE ? ) )
107b72f1 2473
7cac25e6 2474
cc422895 2475=head2 Literal SQL and value type operators
96449e8e 2476
cc422895 2477The basic premise of SQL::Abstract is that in WHERE specifications the "left
2478side" is a column name and the "right side" is a value (normally rendered as
2479a placeholder). This holds true for both hashrefs and arrayref pairs as you
2480see in the L</WHERE CLAUSES> examples above. Sometimes it is necessary to
2481alter this behavior. There are several ways of doing so.
e9614080 2482
cc422895 2483=head3 -ident
2484
2485This is a virtual operator that signals the string to its right side is an
2486identifier (a column name) and not a value. For example to compare two
2487columns you would write:
32eab2da 2488
e9614080 2489 my %where = (
2490 priority => { '<', 2 },
cc422895 2491 requestor => { -ident => 'submitter' },
e9614080 2492 );
2493
2494which creates:
2495
2496 $stmt = "WHERE priority < ? AND requestor = submitter";
2497 @bind = ('2');
2498
cc422895 2499If you are maintaining legacy code you may see a different construct as
2500described in L</Deprecated usage of Literal SQL>, please use C<-ident> in new
2501code.
2502
2503=head3 -value
e9614080 2504
cc422895 2505This is a virtual operator that signals that the construct to its right side
2506is a value to be passed to DBI. This is for example necessary when you want
2507to write a where clause against an array (for RDBMS that support such
2508datatypes). For example:
e9614080 2509
32eab2da 2510 my %where = (
cc422895 2511 array => { -value => [1, 2, 3] }
32eab2da 2512 );
2513
cc422895 2514will result in:
32eab2da 2515
cc422895 2516 $stmt = 'WHERE array = ?';
2517 @bind = ([1, 2, 3]);
32eab2da 2518
cc422895 2519Note that if you were to simply say:
32eab2da 2520
2521 my %where = (
cc422895 2522 array => [1, 2, 3]
32eab2da 2523 );
2524
3af02ccb 2525the result would probably not be what you wanted:
cc422895 2526
2527 $stmt = 'WHERE array = ? OR array = ? OR array = ?';
2528 @bind = (1, 2, 3);
2529
2530=head3 Literal SQL
96449e8e 2531
cc422895 2532Finally, sometimes only literal SQL will do. To include a random snippet
2533of SQL verbatim, you specify it as a scalar reference. Consider this only
2534as a last resort. Usually there is a better way. For example:
96449e8e 2535
2536 my %where = (
cc422895 2537 priority => { '<', 2 },
2538 requestor => { -in => \'(SELECT name FROM hitmen)' },
96449e8e 2539 );
2540
cc422895 2541Would create:
96449e8e 2542
cc422895 2543 $stmt = "WHERE priority < ? AND requestor IN (SELECT name FROM hitmen)"
2544 @bind = (2);
2545
2546Note that in this example, you only get one bind parameter back, since
2547the verbatim SQL is passed as part of the statement.
2548
2549=head4 CAVEAT
2550
2551 Never use untrusted input as a literal SQL argument - this is a massive
2552 security risk (there is no way to check literal snippets for SQL
2553 injections and other nastyness). If you need to deal with untrusted input
2554 use literal SQL with placeholders as described next.
96449e8e 2555
cc422895 2556=head3 Literal SQL with placeholders and bind values (subqueries)
96449e8e 2557
2558If the literal SQL to be inserted has placeholders and bind values,
2559use a reference to an arrayref (yes this is a double reference --
2560not so common, but perfectly legal Perl). For example, to find a date
2561in Postgres you can use something like this:
2562
2563 my %where = (
3ae1c5e2 2564 date_column => \[ "= date '2008-09-30' - ?::integer", 10 ]
96449e8e 2565 )
2566
2567This would create:
2568
d2a8fe1a 2569 $stmt = "WHERE ( date_column = date '2008-09-30' - ?::integer )"
96449e8e 2570 @bind = ('10');
2571
deb148a2 2572Note that you must pass the bind values in the same format as they are returned
85783f3c 2573by L<where|/where(\%where, $order)>. This means that if you set L</bindtype>
1f490ae4 2574to C<columns>, you must provide the bind values in the
2575C<< [ column_meta => value ] >> format, where C<column_meta> is an opaque
2576scalar value; most commonly the column name, but you can use any scalar value
2577(including references and blessed references), L<SQL::Abstract> will simply
2578pass it through intact. So if C<bindtype> is set to C<columns> the above
2579example will look like:
deb148a2 2580
2581 my %where = (
3ae1c5e2 2582 date_column => \[ "= date '2008-09-30' - ?::integer", [ {} => 10 ] ]
deb148a2 2583 )
96449e8e 2584
2585Literal SQL is especially useful for nesting parenthesized clauses in the
be21dde3 2586main SQL query. Here is a first example:
96449e8e 2587
2588 my ($sub_stmt, @sub_bind) = ("SELECT c1 FROM t1 WHERE c2 < ? AND c3 LIKE ?",
2589 100, "foo%");
2590 my %where = (
2591 foo => 1234,
2592 bar => \["IN ($sub_stmt)" => @sub_bind],
2593 );
2594
be21dde3 2595This yields:
96449e8e 2596
9d48860e 2597 $stmt = "WHERE (foo = ? AND bar IN (SELECT c1 FROM t1
96449e8e 2598 WHERE c2 < ? AND c3 LIKE ?))";
2599 @bind = (1234, 100, "foo%");
2600
9d48860e 2601Other subquery operators, like for example C<"E<gt> ALL"> or C<"NOT IN">,
96449e8e 2602are expressed in the same way. Of course the C<$sub_stmt> and
9d48860e 2603its associated bind values can be generated through a former call
96449e8e 2604to C<select()> :
2605
2606 my ($sub_stmt, @sub_bind)
9d48860e 2607 = $sql->select("t1", "c1", {c2 => {"<" => 100},
96449e8e 2608 c3 => {-like => "foo%"}});
2609 my %where = (
2610 foo => 1234,
2611 bar => \["> ALL ($sub_stmt)" => @sub_bind],
2612 );
2613
2614In the examples above, the subquery was used as an operator on a column;
9d48860e 2615but the same principle also applies for a clause within the main C<%where>
be21dde3 2616hash, like an EXISTS subquery:
96449e8e 2617
9d48860e 2618 my ($sub_stmt, @sub_bind)
96449e8e 2619 = $sql->select("t1", "*", {c1 => 1, c2 => \"> t0.c0"});
48d9f5f8 2620 my %where = ( -and => [
96449e8e 2621 foo => 1234,
48d9f5f8 2622 \["EXISTS ($sub_stmt)" => @sub_bind],
2623 ]);
96449e8e 2624
2625which yields
2626
9d48860e 2627 $stmt = "WHERE (foo = ? AND EXISTS (SELECT * FROM t1
96449e8e 2628 WHERE c1 = ? AND c2 > t0.c0))";
2629 @bind = (1234, 1);
2630
2631
9d48860e 2632Observe that the condition on C<c2> in the subquery refers to
be21dde3 2633column C<t0.c0> of the main query: this is I<not> a bind
9d48860e 2634value, so we have to express it through a scalar ref.
96449e8e 2635Writing C<< c2 => {">" => "t0.c0"} >> would have generated
2636C<< c2 > ? >> with bind value C<"t0.c0"> ... not exactly
2637what we wanted here.
2638
96449e8e 2639Finally, here is an example where a subquery is used
2640for expressing unary negation:
2641
9d48860e 2642 my ($sub_stmt, @sub_bind)
96449e8e 2643 = $sql->where({age => [{"<" => 10}, {">" => 20}]});
2644 $sub_stmt =~ s/^ where //i; # don't want "WHERE" in the subclause
2645 my %where = (
2646 lname => {like => '%son%'},
48d9f5f8 2647 \["NOT ($sub_stmt)" => @sub_bind],
96449e8e 2648 );
2649
2650This yields
2651
2652 $stmt = "lname LIKE ? AND NOT ( age < ? OR age > ? )"
2653 @bind = ('%son%', 10, 20)
2654
cc422895 2655=head3 Deprecated usage of Literal SQL
2656
2657Below are some examples of archaic use of literal SQL. It is shown only as
2658reference for those who deal with legacy code. Each example has a much
2659better, cleaner and safer alternative that users should opt for in new code.
2660
2661=over
2662
2663=item *
2664
2665 my %where = ( requestor => \'IS NOT NULL' )
2666
2667 $stmt = "WHERE requestor IS NOT NULL"
2668
2669This used to be the way of generating NULL comparisons, before the handling
2670of C<undef> got formalized. For new code please use the superior syntax as
2671described in L</Tests for NULL values>.
96449e8e 2672
cc422895 2673=item *
2674
2675 my %where = ( requestor => \'= submitter' )
2676
2677 $stmt = "WHERE requestor = submitter"
2678
2679This used to be the only way to compare columns. Use the superior L</-ident>
2680method for all new code. For example an identifier declared in such a way
2681will be properly quoted if L</quote_char> is properly set, while the legacy
2682form will remain as supplied.
2683
2684=item *
2685
2686 my %where = ( is_ready => \"", completed => { '>', '2012-12-21' } )
2687
2688 $stmt = "WHERE completed > ? AND is_ready"
2689 @bind = ('2012-12-21')
2690
2691Using an empty string literal used to be the only way to express a boolean.
2692For all new code please use the much more readable
2693L<-bool|/Unary operators: bool> operator.
2694
2695=back
96449e8e 2696
2697=head2 Conclusion
2698
32eab2da 2699These pages could go on for a while, since the nesting of the data
2700structures this module can handle are pretty much unlimited (the
2701module implements the C<WHERE> expansion as a recursive function
2702internally). Your best bet is to "play around" with the module a
2703little to see how the data structures behave, and choose the best
2704format for your data based on that.
2705
2706And of course, all the values above will probably be replaced with
2707variables gotten from forms or the command line. After all, if you
2708knew everything ahead of time, you wouldn't have to worry about
2709dynamically-generating SQL and could just hardwire it into your
2710script.
2711
86298391 2712=head1 ORDER BY CLAUSES
2713
9d48860e 2714Some functions take an order by clause. This can either be a scalar (just a
18710f60 2715column name), a hashref of C<< { -desc => 'col' } >> or C<< { -asc => 'col' }
2716>>, a scalarref, an arrayref-ref, or an arrayref of any of the previous
2717forms. Examples:
1cfa1db3 2718
8c15b421 2719 Given | Will Generate
18710f60 2720 ---------------------------------------------------------------
8c15b421 2721 |
2722 'colA' | ORDER BY colA
2723 |
2724 [qw/colA colB/] | ORDER BY colA, colB
2725 |
2726 {-asc => 'colA'} | ORDER BY colA ASC
2727 |
2728 {-desc => 'colB'} | ORDER BY colB DESC
2729 |
2730 ['colA', {-asc => 'colB'}] | ORDER BY colA, colB ASC
2731 |
2732 { -asc => [qw/colA colB/] } | ORDER BY colA ASC, colB ASC
2733 |
2734 \'colA DESC' | ORDER BY colA DESC
2735 |
2736 \[ 'FUNC(colA, ?)', $x ] | ORDER BY FUNC(colA, ?)
2737 | /* ...with $x bound to ? */
2738 |
bd805d85 2739 [ | ORDER BY
2740 { -asc => 'colA' }, | colA ASC,
2741 { -desc => [qw/colB/] }, | colB DESC,
2742 { -asc => [qw/colC colD/] },| colC ASC, colD ASC,
2743 \'colE DESC', | colE DESC,
2744 \[ 'FUNC(colF, ?)', $x ], | FUNC(colF, ?)
2745 ] | /* ...with $x bound to ? */
18710f60 2746 ===============================================================
86298391 2747
96449e8e 2748
2749
2750=head1 SPECIAL OPERATORS
2751
e3f9dff4 2752 my $sqlmaker = SQL::Abstract->new(special_ops => [
3a2e1a5e 2753 {
2754 regex => qr/.../,
e3f9dff4 2755 handler => sub {
2756 my ($self, $field, $op, $arg) = @_;
2757 ...
3a2e1a5e 2758 },
2759 },
2760 {
2761 regex => qr/.../,
2762 handler => 'method_name',
e3f9dff4 2763 },
2764 ]);
2765
9d48860e 2766A "special operator" is a SQL syntactic clause that can be
e3f9dff4 2767applied to a field, instead of a usual binary operator.
be21dde3 2768For example:
e3f9dff4 2769
2770 WHERE field IN (?, ?, ?)
2771 WHERE field BETWEEN ? AND ?
2772 WHERE MATCH(field) AGAINST (?, ?)
96449e8e 2773
e3f9dff4 2774Special operators IN and BETWEEN are fairly standard and therefore
3a2e1a5e 2775are builtin within C<SQL::Abstract> (as the overridable methods
2776C<_where_field_IN> and C<_where_field_BETWEEN>). For other operators,
2777like the MATCH .. AGAINST example above which is specific to MySQL,
2778you can write your own operator handlers - supply a C<special_ops>
2779argument to the C<new> method. That argument takes an arrayref of
2780operator definitions; each operator definition is a hashref with two
2781entries:
96449e8e 2782
e3f9dff4 2783=over
2784
2785=item regex
2786
2787the regular expression to match the operator
96449e8e 2788
e3f9dff4 2789=item handler
2790
3a2e1a5e 2791Either a coderef or a plain scalar method name. In both cases
2792the expected return is C<< ($sql, @bind) >>.
2793
2794When supplied with a method name, it is simply called on the
13cc86af 2795L<SQL::Abstract> object as:
3a2e1a5e 2796
ca4f826a 2797 $self->$method_name($field, $op, $arg)
3a2e1a5e 2798
2799 Where:
2800
3a2e1a5e 2801 $field is the LHS of the operator
13cc86af 2802 $op is the part that matched the handler regex
3a2e1a5e 2803 $arg is the RHS
2804
2805When supplied with a coderef, it is called as:
2806
2807 $coderef->($self, $field, $op, $arg)
2808
e3f9dff4 2809
2810=back
2811
9d48860e 2812For example, here is an implementation
e3f9dff4 2813of the MATCH .. AGAINST syntax for MySQL
2814
2815 my $sqlmaker = SQL::Abstract->new(special_ops => [
9d48860e 2816
e3f9dff4 2817 # special op for MySql MATCH (field) AGAINST(word1, word2, ...)
9d48860e 2818 {regex => qr/^match$/i,
e3f9dff4 2819 handler => sub {
2820 my ($self, $field, $op, $arg) = @_;
2821 $arg = [$arg] if not ref $arg;
2822 my $label = $self->_quote($field);
2823 my ($placeholder) = $self->_convert('?');
2824 my $placeholders = join ", ", (($placeholder) x @$arg);
2825 my $sql = $self->_sqlcase('match') . " ($label) "
2826 . $self->_sqlcase('against') . " ($placeholders) ";
2827 my @bind = $self->_bindtype($field, @$arg);
2828 return ($sql, @bind);
2829 }
2830 },
9d48860e 2831
e3f9dff4 2832 ]);
96449e8e 2833
2834
59f23b3d 2835=head1 UNARY OPERATORS
2836
112b5232 2837 my $sqlmaker = SQL::Abstract->new(unary_ops => [
59f23b3d 2838 {
2839 regex => qr/.../,
2840 handler => sub {
2841 my ($self, $op, $arg) = @_;
2842 ...
2843 },
2844 },
2845 {
2846 regex => qr/.../,
2847 handler => 'method_name',
2848 },
2849 ]);
2850
9d48860e 2851A "unary operator" is a SQL syntactic clause that can be
59f23b3d 2852applied to a field - the operator goes before the field
2853
2854You can write your own operator handlers - supply a C<unary_ops>
2855argument to the C<new> method. That argument takes an arrayref of
2856operator definitions; each operator definition is a hashref with two
2857entries:
2858
2859=over
2860
2861=item regex
2862
2863the regular expression to match the operator
2864
2865=item handler
2866
2867Either a coderef or a plain scalar method name. In both cases
2868the expected return is C<< $sql >>.
2869
2870When supplied with a method name, it is simply called on the
13cc86af 2871L<SQL::Abstract> object as:
59f23b3d 2872
ca4f826a 2873 $self->$method_name($op, $arg)
59f23b3d 2874
2875 Where:
2876
2877 $op is the part that matched the handler regex
2878 $arg is the RHS or argument of the operator
2879
2880When supplied with a coderef, it is called as:
2881
2882 $coderef->($self, $op, $arg)
2883
2884
2885=back
2886
2887
32eab2da 2888=head1 PERFORMANCE
2889
2890Thanks to some benchmarking by Mark Stosberg, it turns out that
2891this module is many orders of magnitude faster than using C<DBIx::Abstract>.
2892I must admit this wasn't an intentional design issue, but it's a
2893byproduct of the fact that you get to control your C<DBI> handles
2894yourself.
2895
2896To maximize performance, use a code snippet like the following:
2897
2898 # prepare a statement handle using the first row
2899 # and then reuse it for the rest of the rows
2900 my($sth, $stmt);
2901 for my $href (@array_of_hashrefs) {
2902 $stmt ||= $sql->insert('table', $href);
2903 $sth ||= $dbh->prepare($stmt);
2904 $sth->execute($sql->values($href));
2905 }
2906
2907The reason this works is because the keys in your C<$href> are sorted
2908internally by B<SQL::Abstract>. Thus, as long as your data retains
2909the same structure, you only have to generate the SQL the first time
2910around. On subsequent queries, simply use the C<values> function provided
2911by this module to return your values in the correct order.
2912
b864ba9b 2913However this depends on the values having the same type - if, for
2914example, the values of a where clause may either have values
2915(resulting in sql of the form C<column = ?> with a single bind
2916value), or alternatively the values might be C<undef> (resulting in
2917sql of the form C<column IS NULL> with no bind value) then the
2918caching technique suggested will not work.
96449e8e 2919
32eab2da 2920=head1 FORMBUILDER
2921
2922If you use my C<CGI::FormBuilder> module at all, you'll hopefully
2923really like this part (I do, at least). Building up a complex query
2924can be as simple as the following:
2925
2926 #!/usr/bin/perl
2927
46dc2f3e 2928 use warnings;
2929 use strict;
2930
32eab2da 2931 use CGI::FormBuilder;
2932 use SQL::Abstract;
2933
2934 my $form = CGI::FormBuilder->new(...);
2935 my $sql = SQL::Abstract->new;
2936
2937 if ($form->submitted) {
2938 my $field = $form->field;
2939 my $id = delete $field->{id};
2940 my($stmt, @bind) = $sql->update('table', $field, {id => $id});
2941 }
2942
2943Of course, you would still have to connect using C<DBI> to run the
2944query, but the point is that if you make your form look like your
2945table, the actual query script can be extremely simplistic.
2946
2947If you're B<REALLY> lazy (I am), check out C<HTML::QuickTable> for
9d48860e 2948a fast interface to returning and formatting data. I frequently
32eab2da 2949use these three modules together to write complex database query
2950apps in under 50 lines.
2951
af733667 2952=head1 HOW TO CONTRIBUTE
2953
2954Contributions are always welcome, in all usable forms (we especially
2955welcome documentation improvements). The delivery methods include git-
2956or unified-diff formatted patches, GitHub pull requests, or plain bug
2957reports either via RT or the Mailing list. Contributors are generally
2958granted full access to the official repository after their first several
2959patches pass successful review.
2960
2961This project is maintained in a git repository. The code and related tools are
2962accessible at the following locations:
d8cc1792 2963
2964=over
2965
af733667 2966=item * Official repo: L<git://git.shadowcat.co.uk/dbsrgits/SQL-Abstract.git>
2967
2968=item * Official gitweb: L<http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=dbsrgits/SQL-Abstract.git>
2969
2970=item * GitHub mirror: L<https://github.com/dbsrgits/sql-abstract>
d8cc1792 2971
af733667 2972=item * Authorized committers: L<ssh://dbsrgits@git.shadowcat.co.uk/SQL-Abstract.git>
d8cc1792 2973
2974=back
32eab2da 2975
96449e8e 2976=head1 CHANGES
2977
2978Version 1.50 was a major internal refactoring of C<SQL::Abstract>.
2979Great care has been taken to preserve the I<published> behavior
2980documented in previous versions in the 1.* family; however,
9d48860e 2981some features that were previously undocumented, or behaved
96449e8e 2982differently from the documentation, had to be changed in order
2983to clarify the semantics. Hence, client code that was relying
9d48860e 2984on some dark areas of C<SQL::Abstract> v1.*
96449e8e 2985B<might behave differently> in v1.50.
32eab2da 2986
be21dde3 2987The main changes are:
d2a8fe1a 2988
96449e8e 2989=over
32eab2da 2990
9d48860e 2991=item *
32eab2da 2992
3ae1c5e2 2993support for literal SQL through the C<< \ [ $sql, @bind ] >> syntax.
96449e8e 2994
2995=item *
2996
145fbfc8 2997support for the { operator => \"..." } construct (to embed literal SQL)
2998
2999=item *
3000
9c37b9c0 3001support for the { operator => \["...", @bind] } construct (to embed literal SQL with bind values)
3002
3003=item *
3004
96449e8e 3005optional support for L<array datatypes|/"Inserting and Updating Arrays">
3006
9d48860e 3007=item *
96449e8e 3008
be21dde3 3009defensive programming: check arguments
96449e8e 3010
3011=item *
3012
3013fixed bug with global logic, which was previously implemented
7cac25e6 3014through global variables yielding side-effects. Prior versions would
96449e8e 3015interpret C<< [ {cond1, cond2}, [cond3, cond4] ] >>
3016as C<< "(cond1 AND cond2) OR (cond3 AND cond4)" >>.
3017Now this is interpreted
3018as C<< "(cond1 AND cond2) OR (cond3 OR cond4)" >>.
3019
96449e8e 3020
3021=item *
3022
3023fixed semantics of _bindtype on array args
3024
9d48860e 3025=item *
96449e8e 3026
3027dropped the C<_anoncopy> of the %where tree. No longer necessary,
3028we just avoid shifting arrays within that tree.
3029
3030=item *
3031
3032dropped the C<_modlogic> function
3033
3034=back
32eab2da 3035
32eab2da 3036=head1 ACKNOWLEDGEMENTS
3037
3038There are a number of individuals that have really helped out with
3039this module. Unfortunately, most of them submitted bugs via CPAN
3040so I have no idea who they are! But the people I do know are:
3041
9d48860e 3042 Ash Berlin (order_by hash term support)
b643abe1 3043 Matt Trout (DBIx::Class support)
32eab2da 3044 Mark Stosberg (benchmarking)
3045 Chas Owens (initial "IN" operator support)
3046 Philip Collins (per-field SQL functions)
3047 Eric Kolve (hashref "AND" support)
3048 Mike Fragassi (enhancements to "BETWEEN" and "LIKE")
3049 Dan Kubb (support for "quote_char" and "name_sep")
f5aab26e 3050 Guillermo Roditi (patch to cleanup "IN" and "BETWEEN", fix and tests for _order_by)
48d9f5f8 3051 Laurent Dami (internal refactoring, extensible list of special operators, literal SQL)
dbdf7648 3052 Norbert Buchmuller (support for literal SQL in hashpair, misc. fixes & tests)
e96c510a 3053 Peter Rabbitson (rewrite of SQLA::Test, misc. fixes & tests)
02288357 3054 Oliver Charles (support for "RETURNING" after "INSERT")
32eab2da 3055
3056Thanks!
3057
32eab2da 3058=head1 SEE ALSO
3059
86298391 3060L<DBIx::Class>, L<DBIx::Abstract>, L<CGI::FormBuilder>, L<HTML::QuickTable>.
32eab2da 3061
32eab2da 3062=head1 AUTHOR
3063
b643abe1 3064Copyright (c) 2001-2007 Nathan Wiger <nwiger@cpan.org>. All Rights Reserved.
3065
3066This module is actively maintained by Matt Trout <mst@shadowcatsystems.co.uk>
32eab2da 3067
abe72f94 3068For support, your best bet is to try the C<DBIx::Class> users mailing list.
3069While not an official support venue, C<DBIx::Class> makes heavy use of
3070C<SQL::Abstract>, and as such list members there are very familiar with
3071how to create queries.
3072
0d067ded 3073=head1 LICENSE
3074
d988ab87 3075This module is free software; you may copy this under the same
3076terms as perl itself (either the GNU General Public License or
3077the Artistic License)
32eab2da 3078
3079=cut
Unnamed repository; edit this file 'description' to name the repository.