projects / scpubgit/Q-Branch.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
An arrayref makes sense for literals, but no sense for values
[scpubgit/Q-Branch.git] / lib / SQL / Abstract.pm
CommitLineData
96449e8e 1package SQL::Abstract; # see doc at end of file
2
96449e8e 3use strict;
4use warnings;
9d9d5bd6 5use Carp ();
312d830b 6use List::Util ();
7use Scalar::Util ();
96449e8e 8
0da0fe34 9use Exporter 'import';
10our @EXPORT_OK = qw(is_plain_value is_literal_value);
11
12BEGIN {
13 if ($] < 5.009_005) {
14 require MRO::Compat;
15 }
16 else {
17 require mro;
18 }
19}
20
96449e8e 21#======================================================================
22# GLOBALS
23#======================================================================
24
b54fd911 25our $VERSION = '1.78';
7479e27e 26
22f1a437 27# This would confuse some packagers
c520207b 28$VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
96449e8e 29
30our $AUTOLOAD;
31
32# special operators (-in, -between). May be extended/overridden by user.
33# See section WHERE: BUILTIN SPECIAL OPERATORS below for implementation
34my @BUILTIN_SPECIAL_OPS = (
b8db59b8 35 {regex => qr/^ (?: not \s )? between $/ix, handler => '_where_field_BETWEEN'},
36 {regex => qr/^ (?: not \s )? in $/ix, handler => '_where_field_IN'},
cc422895 37 {regex => qr/^ ident $/ix, handler => '_where_op_IDENT'},
38 {regex => qr/^ value $/ix, handler => '_where_op_VALUE'},
b9b5a0b1 39 {regex => qr/^ is (?: \s+ not )? $/ix, handler => '_where_field_IS'},
96449e8e 40);
41
97a920ef 42# unaryish operators - key maps to handler
59f23b3d 43my @BUILTIN_UNARY_OPS = (
a47b433a 44 # the digits are backcompat stuff
b8db59b8 45 { regex => qr/^ and (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
46 { regex => qr/^ or (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
47 { regex => qr/^ nest (?: [_\s]? \d+ )? $/xi, handler => '_where_op_NEST' },
48 { regex => qr/^ (?: not \s )? bool $/xi, handler => '_where_op_BOOL' },
cc422895 49 { regex => qr/^ ident $/xi, handler => '_where_op_IDENT' },
b9b5a0b1 50 { regex => qr/^ value $/xi, handler => '_where_op_VALUE' },
59f23b3d 51);
97a920ef 52
96449e8e 53#======================================================================
54# DEBUGGING AND ERROR REPORTING
55#======================================================================
56
57sub _debug {
58 return unless $_[0]->{debug}; shift; # a little faster
59 my $func = (caller(1))[3];
60 warn "[$func] ", @_, "\n";
61}
62
63sub belch (@) {
64 my($func) = (caller(1))[3];
9d9d5bd6 65 Carp::carp "[$func] Warning: ", @_;
96449e8e 66}
67
68sub puke (@) {
69 my($func) = (caller(1))[3];
9d9d5bd6 70 Carp::croak "[$func] Fatal: ", @_;
96449e8e 71}
72
0da0fe34 73sub is_literal_value ($) {
74 ref $_[0] eq 'SCALAR' ? [ ${$_[0]} ]
75 : ( ref $_[0] eq 'REF' and ref ${$_[0]} eq 'ARRAY' ) ? [ @${ $_[0] } ]
76 : (
77 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
78 and
79 defined $_[0]->{-ident} and ! length ref $_[0]->{-ident}
80 ) ? [ $_[0]->{-ident} ]
81 : undef;
82}
83
84# FIXME XSify - this can be done so much more efficiently
85sub is_plain_value ($) {
86 no strict 'refs';
966200cc 87 ! length ref $_[0] ? \($_[0])
0da0fe34 88 : (
89 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
90 and
91 exists $_[0]->{-value}
966200cc 92 ) ? \($_[0]->{-value})
0da0fe34 93 : (
a1c9e0ff 94 # reuse @_ for even moar speedz
95 defined ( $_[1] = Scalar::Util::blessed $_[0] )
0da0fe34 96 and
97 # deliberately not using Devel::OverloadInfo - the checks we are
98 # intersted in are much more limited than the fullblown thing, and
99 # this is a very hot piece of code
100 (
101 # FIXME - DBI needs fixing to stringify regardless of DBD
102 #
e8d729d4 103 # simply using ->can('(""') can leave behind stub methods that
104 # break actually using the overload later (see L<perldiag/Stub
105 # found while resolving method "%s" overloading "%s" in package
106 # "%s"> and the source of overload::mycan())
44e54b41 107 #
0da0fe34 108 # either has stringification which DBI SHOULD prefer out of the box
a1c9e0ff 109 grep { *{ (qq[${_}::(""]) }{CODE} } @{ $_[2] = mro::get_linear_isa( $_[1] ) }
0da0fe34 110 or
111 # has nummification and fallback is *not* disabled
0da0fe34 112 (
a1c9e0ff 113 grep { *{"${_}::(0+"}{CODE} } @{ mro::get_linear_isa( $_[1] ) }
0da0fe34 114 and
115 (
116 # no fallback specified at all
a1c9e0ff 117 ! ( ($_[3]) = grep { *{"${_}::()"}{CODE} } @{$_[2]} )
0da0fe34 118 or
119 # fallback explicitly undef
a1c9e0ff 120 ! defined ${"$_[3]::()"}
0da0fe34 121 or
122 # explicitly true
a1c9e0ff 123 !! ${"$_[3]::()"}
0da0fe34 124 )
125 )
126 )
966200cc 127 ) ? \($_[0])
0da0fe34 128 : undef;
129}
130
131
96449e8e 132
133#======================================================================
134# NEW
135#======================================================================
136
137sub new {
138 my $self = shift;
139 my $class = ref($self) || $self;
140 my %opt = (ref $_[0] eq 'HASH') ? %{$_[0]} : @_;
141
142 # choose our case by keeping an option around
143 delete $opt{case} if $opt{case} && $opt{case} ne 'lower';
144
145 # default logic for interpreting arrayrefs
ef559da3 146 $opt{logic} = $opt{logic} ? uc $opt{logic} : 'OR';
96449e8e 147
148 # how to return bind vars
96449e8e 149 $opt{bindtype} ||= 'normal';
150
151 # default comparison is "=", but can be overridden
152 $opt{cmp} ||= '=';
153
3af02ccb 154 # try to recognize which are the 'equality' and 'inequality' ops
3cdadcbe 155 # (temporary quickfix (in 2007), should go through a more seasoned API)
156 $opt{equality_op} = qr/^( \Q$opt{cmp}\E | \= )$/ix;
157 $opt{inequality_op} = qr/^( != | <> )$/ix;
158
159 $opt{like_op} = qr/^ (is\s+)? r?like $/xi;
160 $opt{not_like_op} = qr/^ (is\s+)? not \s+ r?like $/xi;
96449e8e 161
162 # SQL booleans
163 $opt{sqltrue} ||= '1=1';
164 $opt{sqlfalse} ||= '0=1';
165
9d48860e 166 # special operators
96449e8e 167 $opt{special_ops} ||= [];
b6251592 168 # regexes are applied in order, thus push after user-defines
96449e8e 169 push @{$opt{special_ops}}, @BUILTIN_SPECIAL_OPS;
170
9d48860e 171 # unary operators
59f23b3d 172 $opt{unary_ops} ||= [];
173 push @{$opt{unary_ops}}, @BUILTIN_UNARY_OPS;
174
3af02ccb 175 # rudimentary sanity-check for user supplied bits treated as functions/operators
b6251592 176 # If a purported function matches this regular expression, an exception is thrown.
177 # Literal SQL is *NOT* subject to this check, only functions (and column names
178 # when quoting is not in effect)
96449e8e 179
b6251592 180 # FIXME
181 # need to guard against ()'s in column names too, but this will break tons of
182 # hacks... ideas anyone?
183 $opt{injection_guard} ||= qr/
184 \;
185 |
186 ^ \s* go \s
187 /xmi;
96449e8e 188
b6251592 189 return bless \%opt, $class;
190}
96449e8e 191
170e6c33 192
193sub _assert_pass_injection_guard {
194 if ($_[1] =~ $_[0]->{injection_guard}) {
195 my $class = ref $_[0];
196 puke "Possible SQL injection attempt '$_[1]'. If this is indeed a part of the "
197 . "desired SQL use literal SQL ( \'...' or \[ '...' ] ) or supply your own "
198 . "{injection_guard} attribute to ${class}->new()"
199 }
200}
201
202
96449e8e 203#======================================================================
204# INSERT methods
205#======================================================================
206
207sub insert {
02288357 208 my $self = shift;
209 my $table = $self->_table(shift);
210 my $data = shift || return;
211 my $options = shift;
96449e8e 212
213 my $method = $self->_METHOD_FOR_refkind("_insert", $data);
02288357 214 my ($sql, @bind) = $self->$method($data);
96449e8e 215 $sql = join " ", $self->_sqlcase('insert into'), $table, $sql;
02288357 216
e82e648a 217 if ($options->{returning}) {
218 my ($s, @b) = $self->_insert_returning ($options);
219 $sql .= $s;
220 push @bind, @b;
02288357 221 }
222
96449e8e 223 return wantarray ? ($sql, @bind) : $sql;
224}
225
6b1fe79d 226sub _insert_returning {
e82e648a 227 my ($self, $options) = @_;
6b1fe79d 228
e82e648a 229 my $f = $options->{returning};
230
231 my $fieldlist = $self->_SWITCH_refkind($f, {
232 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$f;},
233 SCALAR => sub {$self->_quote($f)},
234 SCALARREF => sub {$$f},
6b1fe79d 235 });
e82e648a 236 return $self->_sqlcase(' returning ') . $fieldlist;
6b1fe79d 237}
238
96449e8e 239sub _insert_HASHREF { # explicit list of fields and then values
240 my ($self, $data) = @_;
241
242 my @fields = sort keys %$data;
243
fe3ae272 244 my ($sql, @bind) = $self->_insert_values($data);
96449e8e 245
246 # assemble SQL
247 $_ = $self->_quote($_) foreach @fields;
248 $sql = "( ".join(", ", @fields).") ".$sql;
249
250 return ($sql, @bind);
251}
252
253sub _insert_ARRAYREF { # just generate values(?,?) part (no list of fields)
254 my ($self, $data) = @_;
255
256 # no names (arrayref) so can't generate bindtype
257 $self->{bindtype} ne 'columns'
258 or belch "can't do 'columns' bindtype when called with arrayref";
259
fe3ae272 260 # fold the list of values into a hash of column name - value pairs
261 # (where the column names are artificially generated, and their
262 # lexicographical ordering keep the ordering of the original list)
263 my $i = "a"; # incremented values will be in lexicographical order
264 my $data_in_hash = { map { ($i++ => $_) } @$data };
265
266 return $self->_insert_values($data_in_hash);
267}
268
269sub _insert_ARRAYREFREF { # literal SQL with bind
270 my ($self, $data) = @_;
271
272 my ($sql, @bind) = @${$data};
273 $self->_assert_bindval_matches_bindtype(@bind);
274
275 return ($sql, @bind);
276}
277
278
279sub _insert_SCALARREF { # literal SQL without bind
280 my ($self, $data) = @_;
281
282 return ($$data);
283}
284
285sub _insert_values {
286 my ($self, $data) = @_;
287
96449e8e 288 my (@values, @all_bind);
fe3ae272 289 foreach my $column (sort keys %$data) {
290 my $v = $data->{$column};
96449e8e 291
292 $self->_SWITCH_refkind($v, {
293
9d48860e 294 ARRAYREF => sub {
96449e8e 295 if ($self->{array_datatypes}) { # if array datatype are activated
296 push @values, '?';
fe3ae272 297 push @all_bind, $self->_bindtype($column, $v);
96449e8e 298 }
299 else { # else literal SQL with bind
300 my ($sql, @bind) = @$v;
fe3ae272 301 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 302 push @values, $sql;
303 push @all_bind, @bind;
304 }
305 },
306
307 ARRAYREFREF => sub { # literal SQL with bind
308 my ($sql, @bind) = @${$v};
fe3ae272 309 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 310 push @values, $sql;
311 push @all_bind, @bind;
312 },
313
9d48860e 314 # THINK : anything useful to do with a HASHREF ?
5db47f9f 315 HASHREF => sub { # (nothing, but old SQLA passed it through)
316 #TODO in SQLA >= 2.0 it will die instead
317 belch "HASH ref as bind value in insert is not supported";
318 push @values, '?';
fe3ae272 319 push @all_bind, $self->_bindtype($column, $v);
5db47f9f 320 },
96449e8e 321
322 SCALARREF => sub { # literal SQL without bind
323 push @values, $$v;
324 },
325
326 SCALAR_or_UNDEF => sub {
327 push @values, '?';
fe3ae272 328 push @all_bind, $self->_bindtype($column, $v);
96449e8e 329 },
330
331 });
332
333 }
334
335 my $sql = $self->_sqlcase('values')." ( ".join(", ", @values)." )";
336 return ($sql, @all_bind);
337}
338
339
96449e8e 340
341#======================================================================
342# UPDATE methods
343#======================================================================
344
345
346sub update {
347 my $self = shift;
348 my $table = $self->_table(shift);
349 my $data = shift || return;
350 my $where = shift;
351
352 # first build the 'SET' part of the sql statement
353 my (@set, @all_bind);
354 puke "Unsupported data type specified to \$sql->update"
355 unless ref $data eq 'HASH';
356
357 for my $k (sort keys %$data) {
358 my $v = $data->{$k};
359 my $r = ref $v;
360 my $label = $self->_quote($k);
361
362 $self->_SWITCH_refkind($v, {
9d48860e 363 ARRAYREF => sub {
96449e8e 364 if ($self->{array_datatypes}) { # array datatype
365 push @set, "$label = ?";
366 push @all_bind, $self->_bindtype($k, $v);
367 }
368 else { # literal SQL with bind
369 my ($sql, @bind) = @$v;
fe3ae272 370 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 371 push @set, "$label = $sql";
fe3ae272 372 push @all_bind, @bind;
96449e8e 373 }
374 },
375 ARRAYREFREF => sub { # literal SQL with bind
376 my ($sql, @bind) = @${$v};
fe3ae272 377 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 378 push @set, "$label = $sql";
fe3ae272 379 push @all_bind, @bind;
96449e8e 380 },
381 SCALARREF => sub { # literal SQL without bind
382 push @set, "$label = $$v";
0ec3aec7 383 },
384 HASHREF => sub {
385 my ($op, $arg, @rest) = %$v;
386
387 puke 'Operator calls in update must be in the form { -op => $arg }'
388 if (@rest or not $op =~ /^\-(.+)/);
389
390 local $self->{_nested_func_lhs} = $k;
391 my ($sql, @bind) = $self->_where_unary_op ($1, $arg);
392
393 push @set, "$label = $sql";
394 push @all_bind, @bind;
395 },
96449e8e 396 SCALAR_or_UNDEF => sub {
397 push @set, "$label = ?";
398 push @all_bind, $self->_bindtype($k, $v);
399 },
400 });
401 }
402
403 # generate sql
404 my $sql = $self->_sqlcase('update') . " $table " . $self->_sqlcase('set ')
405 . join ', ', @set;
406
407 if ($where) {
408 my($where_sql, @where_bind) = $self->where($where);
409 $sql .= $where_sql;
410 push @all_bind, @where_bind;
411 }
412
413 return wantarray ? ($sql, @all_bind) : $sql;
414}
415
416
417
418
419#======================================================================
420# SELECT
421#======================================================================
422
423
424sub select {
425 my $self = shift;
426 my $table = $self->_table(shift);
427 my $fields = shift || '*';
428 my $where = shift;
429 my $order = shift;
430
431 my($where_sql, @bind) = $self->where($where, $order);
432
433 my $f = (ref $fields eq 'ARRAY') ? join ', ', map { $self->_quote($_) } @$fields
434 : $fields;
9d48860e 435 my $sql = join(' ', $self->_sqlcase('select'), $f,
96449e8e 436 $self->_sqlcase('from'), $table)
437 . $where_sql;
438
9d48860e 439 return wantarray ? ($sql, @bind) : $sql;
96449e8e 440}
441
442#======================================================================
443# DELETE
444#======================================================================
445
446
447sub delete {
448 my $self = shift;
449 my $table = $self->_table(shift);
450 my $where = shift;
451
452
453 my($where_sql, @bind) = $self->where($where);
454 my $sql = $self->_sqlcase('delete from') . " $table" . $where_sql;
455
9d48860e 456 return wantarray ? ($sql, @bind) : $sql;
96449e8e 457}
458
459
460#======================================================================
461# WHERE: entry point
462#======================================================================
463
464
465
466# Finally, a separate routine just to handle WHERE clauses
467sub where {
468 my ($self, $where, $order) = @_;
469
470 # where ?
471 my ($sql, @bind) = $self->_recurse_where($where);
472 $sql = $sql ? $self->_sqlcase(' where ') . "( $sql )" : '';
473
474 # order by?
475 if ($order) {
476 $sql .= $self->_order_by($order);
477 }
478
9d48860e 479 return wantarray ? ($sql, @bind) : $sql;
96449e8e 480}
481
482
483sub _recurse_where {
484 my ($self, $where, $logic) = @_;
485
486 # dispatch on appropriate method according to refkind of $where
487 my $method = $self->_METHOD_FOR_refkind("_where", $where);
311b2151 488
9d48860e 489 my ($sql, @bind) = $self->$method($where, $logic);
311b2151 490
9d48860e 491 # DBIx::Class directly calls _recurse_where in scalar context, so
311b2151 492 # we must implement it, even if not in the official API
9d48860e 493 return wantarray ? ($sql, @bind) : $sql;
96449e8e 494}
495
496
497
498#======================================================================
499# WHERE: top-level ARRAYREF
500#======================================================================
501
502
503sub _where_ARRAYREF {
5e1d09d5 504 my ($self, $where, $logic) = @_;
96449e8e 505
5e1d09d5 506 $logic = uc($logic || $self->{logic});
96449e8e 507 $logic eq 'AND' or $logic eq 'OR' or puke "unknown logic: $logic";
508
509 my @clauses = @$where;
510
96449e8e 511 my (@sql_clauses, @all_bind);
96449e8e 512 # need to use while() so can shift() for pairs
9d48860e 513 while (my $el = shift @clauses) {
96449e8e 514
515 # switch according to kind of $el and get corresponding ($sql, @bind)
516 my ($sql, @bind) = $self->_SWITCH_refkind($el, {
517
518 # skip empty elements, otherwise get invalid trailing AND stuff
519 ARRAYREF => sub {$self->_recurse_where($el) if @$el},
520
c94a6c93 521 ARRAYREFREF => sub {
522 my ($s, @b) = @$$el;
523 $self->_assert_bindval_matches_bindtype(@b);
524 ($s, @b);
525 },
474e3335 526
96449e8e 527 HASHREF => sub {$self->_recurse_where($el, 'and') if %$el},
96449e8e 528
529 SCALARREF => sub { ($$el); },
530
531 SCALAR => sub {# top-level arrayref with scalars, recurse in pairs
532 $self->_recurse_where({$el => shift(@clauses)})},
533
534 UNDEF => sub {puke "not supported : UNDEF in arrayref" },
535 });
536
4b7b6026 537 if ($sql) {
538 push @sql_clauses, $sql;
539 push @all_bind, @bind;
540 }
96449e8e 541 }
542
543 return $self->_join_sql_clauses($logic, \@sql_clauses, \@all_bind);
544}
545
474e3335 546#======================================================================
547# WHERE: top-level ARRAYREFREF
548#======================================================================
96449e8e 549
474e3335 550sub _where_ARRAYREFREF {
551 my ($self, $where) = @_;
c94a6c93 552 my ($sql, @bind) = @$$where;
553 $self->_assert_bindval_matches_bindtype(@bind);
474e3335 554 return ($sql, @bind);
555}
96449e8e 556
557#======================================================================
558# WHERE: top-level HASHREF
559#======================================================================
560
561sub _where_HASHREF {
562 my ($self, $where) = @_;
563 my (@sql_clauses, @all_bind);
564
2281c758 565 for my $k (sort keys %$where) {
96449e8e 566 my $v = $where->{$k};
567
2281c758 568 # ($k => $v) is either a special unary op or a regular hashpair
569 my ($sql, @bind) = do {
570 if ($k =~ /^-./) {
571 # put the operator in canonical form
572 my $op = $k;
b8db59b8 573 $op = substr $op, 1; # remove initial dash
2281c758 574 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 575 $op =~ s/\s+/ /g; # compress whitespace
576
577 # so that -not_foo works correctly
578 $op =~ s/^not_/NOT /i;
2281c758 579
580 $self->_debug("Unary OP(-$op) within hashref, recursing...");
0ec3aec7 581 my ($s, @b) = $self->_where_unary_op ($op, $v);
582
583 # top level vs nested
584 # we assume that handled unary ops will take care of their ()s
585 $s = "($s)" unless (
586 List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}
587 or
588 defined($self->{_nested_func_lhs}) && ($self->{_nested_func_lhs} eq $k)
589 );
590 ($s, @b);
2281c758 591 }
592 else {
593 my $method = $self->_METHOD_FOR_refkind("_where_hashpair", $v);
594 $self->$method($k, $v);
595 }
596 };
96449e8e 597
598 push @sql_clauses, $sql;
599 push @all_bind, @bind;
600 }
601
602 return $self->_join_sql_clauses('and', \@sql_clauses, \@all_bind);
603}
604
0ec3aec7 605sub _where_unary_op {
2281c758 606 my ($self, $op, $rhs) = @_;
96449e8e 607
0ec3aec7 608 if (my $op_entry = List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}) {
609 my $handler = $op_entry->{handler};
610
611 if (not ref $handler) {
612 if ($op =~ s/ [_\s]? \d+ $//x ) {
613 belch 'Use of [and|or|nest]_N modifiers is deprecated and will be removed in SQLA v2.0. '
614 . "You probably wanted ...-and => [ -$op => COND1, -$op => COND2 ... ]";
615 }
616 return $self->$handler ($op, $rhs);
617 }
618 elsif (ref $handler eq 'CODE') {
619 return $handler->($self, $op, $rhs);
620 }
621 else {
622 puke "Illegal handler for operator $op - expecting a method name or a coderef";
623 }
624 }
625
3d86e3b1 626 $self->_debug("Generic unary OP: $op - recursing as function");
0ec3aec7 627
170e6c33 628 $self->_assert_pass_injection_guard($op);
b6251592 629
2281c758 630 my ($sql, @bind) = $self->_SWITCH_refkind ($rhs, {
631 SCALAR => sub {
a7661cfc 632 puke "Illegal use of top-level '$op'"
633 unless $self->{_nested_func_lhs};
634
635 return (
636 $self->_convert('?'),
637 $self->_bindtype($self->{_nested_func_lhs}, $rhs)
638 );
2281c758 639 },
640 FALLBACK => sub {
641 $self->_recurse_where ($rhs)
642 },
643 });
96449e8e 644
953d164e 645 $sql = sprintf ('%s %s',
2281c758 646 $self->_sqlcase($op),
953d164e 647 $sql,
2281c758 648 );
96449e8e 649
2281c758 650 return ($sql, @bind);
97a920ef 651}
652
653sub _where_op_ANDOR {
2281c758 654 my ($self, $op, $v) = @_;
97a920ef 655
656 $self->_SWITCH_refkind($v, {
657 ARRAYREF => sub {
658 return $self->_where_ARRAYREF($v, $op);
659 },
660
661 HASHREF => sub {
59f23b3d 662 return ( $op =~ /^or/i )
97a920ef 663 ? $self->_where_ARRAYREF( [ map { $_ => $v->{$_} } ( sort keys %$v ) ], $op )
664 : $self->_where_HASHREF($v);
665 },
666
9d48860e 667 SCALARREF => sub {
48d9f5f8 668 puke "-$op => \\\$scalar makes little sense, use " .
a0d6d323 669 ($op =~ /^or/i
48d9f5f8 670 ? '[ \$scalar, \%rest_of_conditions ] instead'
671 : '-and => [ \$scalar, \%rest_of_conditions ] instead'
672 );
97a920ef 673 },
674
675 ARRAYREFREF => sub {
48d9f5f8 676 puke "-$op => \\[...] makes little sense, use " .
a0d6d323 677 ($op =~ /^or/i
48d9f5f8 678 ? '[ \[...], \%rest_of_conditions ] instead'
679 : '-and => [ \[...], \%rest_of_conditions ] instead'
680 );
97a920ef 681 },
682
683 SCALAR => sub { # permissively interpreted as SQL
48d9f5f8 684 puke "-$op => \$value makes little sense, use -bool => \$value instead";
97a920ef 685 },
686
687 UNDEF => sub {
688 puke "-$op => undef not supported";
689 },
690 });
691}
692
693sub _where_op_NEST {
9d48860e 694 my ($self, $op, $v) = @_;
97a920ef 695
96449e8e 696 $self->_SWITCH_refkind($v, {
697
96449e8e 698 SCALAR => sub { # permissively interpreted as SQL
01a01e57 699 belch "literal SQL should be -nest => \\'scalar' "
700 . "instead of -nest => 'scalar' ";
9d48860e 701 return ($v);
96449e8e 702 },
703
704 UNDEF => sub {
705 puke "-$op => undef not supported";
706 },
e9501094 707
708 FALLBACK => sub {
709 $self->_recurse_where ($v);
710 },
711
96449e8e 712 });
713}
714
715
97a920ef 716sub _where_op_BOOL {
9d48860e 717 my ($self, $op, $v) = @_;
97a920ef 718
b8db59b8 719 my ($s, @b) = $self->_SWITCH_refkind($v, {
720 SCALAR => sub { # interpreted as SQL column
721 $self->_convert($self->_quote($v));
722 },
ef03f1bc 723
b8db59b8 724 UNDEF => sub {
725 puke "-$op => undef not supported";
726 },
97a920ef 727
b8db59b8 728 FALLBACK => sub {
729 $self->_recurse_where ($v);
730 },
731 });
ef03f1bc 732
b8db59b8 733 $s = "(NOT $s)" if $op =~ /^not/i;
734 ($s, @b);
97a920ef 735}
736
737
cc422895 738sub _where_op_IDENT {
739 my $self = shift;
740 my ($op, $rhs) = splice @_, -2;
8aa76984 741 if (! defined $rhs or length ref $rhs) {
742 puke "-$op requires a single plain scalar argument (a quotable identifier)";
cc422895 743 }
744
745 # in case we are called as a top level special op (no '=')
746 my $lhs = shift;
747
748 $_ = $self->_convert($self->_quote($_)) for ($lhs, $rhs);
749
750 return $lhs
751 ? "$lhs = $rhs"
752 : $rhs
753 ;
754}
755
756sub _where_op_VALUE {
757 my $self = shift;
758 my ($op, $rhs) = splice @_, -2;
759
760 # in case we are called as a top level special op (no '=')
761 my $lhs = shift;
762
422ed2de 763 # special-case NULL
764 if (! defined $rhs) {
765 return $lhs
766 ? $self->_convert($self->_quote($lhs)) . ' IS NULL'
767 : undef
768 ;
769 }
770
cc422895 771 my @bind =
772 $self->_bindtype (
773 ($lhs || $self->{_nested_func_lhs}),
774 $rhs,
775 )
776 ;
777
778 return $lhs
779 ? (
780 $self->_convert($self->_quote($lhs)) . ' = ' . $self->_convert('?'),
781 @bind
782 )
783 : (
784 $self->_convert('?'),
785 @bind,
786 )
787 ;
788}
789
96449e8e 790sub _where_hashpair_ARRAYREF {
791 my ($self, $k, $v) = @_;
792
793 if( @$v ) {
794 my @v = @$v; # need copy because of shift below
795 $self->_debug("ARRAY($k) means distribute over elements");
796
797 # put apart first element if it is an operator (-and, -or)
e3cecb45 798 my $op = (
799 (defined $v[0] && $v[0] =~ /^ - (?: AND|OR ) $/ix)
800 ? shift @v
801 : ''
04d940de 802 );
96449e8e 803 my @distributed = map { {$k => $_} } @v;
04d940de 804
805 if ($op) {
806 $self->_debug("OP($op) reinjected into the distributed array");
807 unshift @distributed, $op;
808 }
809
f67591bf 810 my $logic = $op ? substr($op, 1) : '';
96449e8e 811
f67591bf 812 return $self->_recurse_where(\@distributed, $logic);
9d48860e 813 }
96449e8e 814 else {
96449e8e 815 $self->_debug("empty ARRAY($k) means 0=1");
816 return ($self->{sqlfalse});
817 }
818}
819
820sub _where_hashpair_HASHREF {
eb49170d 821 my ($self, $k, $v, $logic) = @_;
822 $logic ||= 'and';
96449e8e 823
a7661cfc 824 local $self->{_nested_func_lhs} = $self->{_nested_func_lhs};
a7661cfc 825
eb49170d 826 my ($all_sql, @all_bind);
96449e8e 827
a47b433a 828 for my $orig_op (sort keys %$v) {
829 my $val = $v->{$orig_op};
96449e8e 830
831 # put the operator in canonical form
a47b433a 832 my $op = $orig_op;
b8db59b8 833
834 # FIXME - we need to phase out dash-less ops
835 $op =~ s/^-//; # remove possible initial dash
a47b433a 836 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 837 $op =~ s/\s+/ /g; # compress whitespace
838
170e6c33 839 $self->_assert_pass_injection_guard($op);
b6251592 840
b9b5a0b1 841 # fixup is_not
842 $op =~ s/^is_not/IS NOT/i;
843
b8db59b8 844 # so that -not_foo works correctly
845 $op =~ s/^not_/NOT /i;
96449e8e 846
422ed2de 847 # another retarded special case: foo => { $op => { -value => undef } }
848 if (ref $val eq 'HASH' and keys %$val == 1 and exists $val->{-value} and ! defined $val->{-value} ) {
849 $val = undef;
850 }
851
96449e8e 852 my ($sql, @bind);
853
2281c758 854 # CASE: col-value logic modifiers
855 if ( $orig_op =~ /^ \- (and|or) $/xi ) {
856 ($sql, @bind) = $self->_where_hashpair_HASHREF($k, $val, $1);
857 }
96449e8e 858 # CASE: special operators like -in or -between
312d830b 859 elsif ( my $special_op = List::Util::first {$op =~ $_->{regex}} @{$self->{special_ops}} ) {
3a2e1a5e 860 my $handler = $special_op->{handler};
861 if (! $handler) {
a47b433a 862 puke "No handler supplied for special operator $orig_op";
3a2e1a5e 863 }
864 elsif (not ref $handler) {
865 ($sql, @bind) = $self->$handler ($k, $op, $val);
866 }
867 elsif (ref $handler eq 'CODE') {
868 ($sql, @bind) = $handler->($self, $k, $op, $val);
869 }
870 else {
a47b433a 871 puke "Illegal handler for special operator $orig_op - expecting a method name or a coderef";
3a2e1a5e 872 }
96449e8e 873 }
96449e8e 874 else {
cf838930 875 $self->_SWITCH_refkind($val, {
876
877 ARRAYREF => sub { # CASE: col => {op => \@vals}
878 ($sql, @bind) = $self->_where_field_op_ARRAYREF($k, $op, $val);
879 },
880
fe3ae272 881 ARRAYREFREF => sub { # CASE: col => {op => \[$sql, @bind]} (literal SQL with bind)
b3be7bd0 882 my ($sub_sql, @sub_bind) = @$$val;
fe3ae272 883 $self->_assert_bindval_matches_bindtype(@sub_bind);
b3be7bd0 884 $sql = join ' ', $self->_convert($self->_quote($k)),
885 $self->_sqlcase($op),
886 $sub_sql;
fe3ae272 887 @bind = @sub_bind;
b3be7bd0 888 },
889
cf838930 890 UNDEF => sub { # CASE: col => {op => undef} : sql "IS (NOT)? NULL"
3cdadcbe 891 my $is =
40f2f231 892 $op =~ /^not$/i ? 'is not' # legacy
893 : $op =~ $self->{equality_op} ? 'is'
3cdadcbe 894 : $op =~ $self->{like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is'
895 : $op =~ $self->{inequality_op} ? 'is not'
896 : $op =~ $self->{not_like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is not'
897 : puke "unexpected operator '$orig_op' with undef operand";
898
cf838930 899 $sql = $self->_quote($k) . $self->_sqlcase(" $is null");
900 },
a47b433a 901
2281c758 902 FALLBACK => sub { # CASE: col => {op/func => $stuff}
07936978 903
953d164e 904 # retain for proper column type bind
905 $self->{_nested_func_lhs} ||= $k;
07936978 906
0ec3aec7 907 ($sql, @bind) = $self->_where_unary_op ($op, $val);
953d164e 908
909 $sql = join (' ',
910 $self->_convert($self->_quote($k)),
911 $self->{_nested_func_lhs} eq $k ? $sql : "($sql)", # top level vs nested
912 );
cf838930 913 },
914 });
96449e8e 915 }
916
eb49170d 917 ($all_sql) = (defined $all_sql and $all_sql) ? $self->_join_sql_clauses($logic, [$all_sql, $sql], []) : $sql;
96449e8e 918 push @all_bind, @bind;
919 }
eb49170d 920 return ($all_sql, @all_bind);
96449e8e 921}
922
b9b5a0b1 923sub _where_field_IS {
924 my ($self, $k, $op, $v) = @_;
925
926 my ($s) = $self->_SWITCH_refkind($v, {
927 UNDEF => sub {
928 join ' ',
929 $self->_convert($self->_quote($k)),
930 map { $self->_sqlcase($_)} ($op, 'null')
931 },
932 FALLBACK => sub {
933 puke "$op can only take undef as argument";
934 },
935 });
96449e8e 936
b9b5a0b1 937 $s;
938}
96449e8e 939
940sub _where_field_op_ARRAYREF {
941 my ($self, $k, $op, $vals) = @_;
942
ce261791 943 my @vals = @$vals; #always work on a copy
944
945 if(@vals) {
bd6a65ca 946 $self->_debug(sprintf '%s means multiple elements: [ %s ]',
947 $vals,
948 join (', ', map { defined $_ ? "'$_'" : 'NULL' } @vals ),
949 );
96449e8e 950
4030915f 951 # see if the first element is an -and/-or op
952 my $logic;
bd6a65ca 953 if (defined $vals[0] && $vals[0] =~ /^ - ( AND|OR ) $/ix) {
4030915f 954 $logic = uc $1;
ce261791 955 shift @vals;
4030915f 956 }
957
3cdadcbe 958 # a long standing API wart - an attempt to change this behavior during
959 # the 1.50 series failed *spectacularly*. Warn instead and leave the
960 # behavior as is
961 if (
962 @vals > 1
963 and
964 (!$logic or $logic eq 'OR')
965 and
966 ( $op =~ $self->{inequality_op} or $op =~ $self->{not_like_op} )
967 ) {
968 my $o = uc($op);
969 belch "A multi-element arrayref as an argument to the inequality op '$o' "
970 . 'is technically equivalent to an always-true 1=1 (you probably wanted '
971 . "to say ...{ \$inequality_op => [ -and => \@values ] }... instead)"
972 ;
973 }
974
ce261791 975 # distribute $op over each remaining member of @vals, append logic if exists
976 return $self->_recurse_where([map { {$k => {$op, $_}} } @vals], $logic);
4030915f 977
9d48860e 978 }
96449e8e 979 else {
9d48860e 980 # try to DWIM on equality operators
3cdadcbe 981 return
982 $op =~ $self->{equality_op} ? $self->{sqlfalse}
983 : $op =~ $self->{like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqlfalse}
984 : $op =~ $self->{inequality_op} ? $self->{sqltrue}
985 : $op =~ $self->{not_like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqltrue}
986 : puke "operator '$op' applied on an empty array (field '$k')";
96449e8e 987 }
988}
989
990
991sub _where_hashpair_SCALARREF {
992 my ($self, $k, $v) = @_;
993 $self->_debug("SCALAR($k) means literal SQL: $$v");
994 my $sql = $self->_quote($k) . " " . $$v;
995 return ($sql);
996}
997
fe3ae272 998# literal SQL with bind
96449e8e 999sub _where_hashpair_ARRAYREFREF {
1000 my ($self, $k, $v) = @_;
1001 $self->_debug("REF($k) means literal SQL: @${$v}");
c94a6c93 1002 my ($sql, @bind) = @$$v;
fe3ae272 1003 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1004 $sql = $self->_quote($k) . " " . $sql;
96449e8e 1005 return ($sql, @bind );
1006}
1007
fe3ae272 1008# literal SQL without bind
96449e8e 1009sub _where_hashpair_SCALAR {
1010 my ($self, $k, $v) = @_;
1011 $self->_debug("NOREF($k) means simple key=val: $k $self->{cmp} $v");
9d48860e 1012 my $sql = join ' ', $self->_convert($self->_quote($k)),
1013 $self->_sqlcase($self->{cmp}),
96449e8e 1014 $self->_convert('?');
1015 my @bind = $self->_bindtype($k, $v);
1016 return ( $sql, @bind);
1017}
1018
1019
1020sub _where_hashpair_UNDEF {
1021 my ($self, $k, $v) = @_;
1022 $self->_debug("UNDEF($k) means IS NULL");
1023 my $sql = $self->_quote($k) . $self->_sqlcase(' is null');
1024 return ($sql);
1025}
1026
1027#======================================================================
1028# WHERE: TOP-LEVEL OTHERS (SCALARREF, SCALAR, UNDEF)
1029#======================================================================
1030
1031
1032sub _where_SCALARREF {
1033 my ($self, $where) = @_;
1034
1035 # literal sql
1036 $self->_debug("SCALAR(*top) means literal SQL: $$where");
1037 return ($$where);
1038}
1039
1040
1041sub _where_SCALAR {
1042 my ($self, $where) = @_;
1043
1044 # literal sql
1045 $self->_debug("NOREF(*top) means literal SQL: $where");
1046 return ($where);
1047}
1048
1049
1050sub _where_UNDEF {
1051 my ($self) = @_;
1052 return ();
1053}
1054
1055
1056#======================================================================
1057# WHERE: BUILTIN SPECIAL OPERATORS (-in, -between)
1058#======================================================================
1059
1060
1061sub _where_field_BETWEEN {
1062 my ($self, $k, $op, $vals) = @_;
1063
4d8b3dc4 1064 my ($label, $and, $placeholder);
cf02fc47 1065 $label = $self->_convert($self->_quote($k));
1066 $and = ' ' . $self->_sqlcase('and') . ' ';
1067 $placeholder = $self->_convert('?');
96449e8e 1068 $op = $self->_sqlcase($op);
1069
7f54040f 1070 my $invalid_args = "Operator '$op' requires either an arrayref with two defined values or expressions, or a single literal scalarref/arrayref-ref";
1071
4d8b3dc4 1072 my ($clause, @bind) = $self->_SWITCH_refkind($vals, {
1073 ARRAYREFREF => sub {
c94a6c93 1074 my ($s, @b) = @$$vals;
1075 $self->_assert_bindval_matches_bindtype(@b);
1076 ($s, @b);
4d8b3dc4 1077 },
1078 SCALARREF => sub {
1079 return $$vals;
1080 },
1081 ARRAYREF => sub {
7f54040f 1082 puke $invalid_args if @$vals != 2;
4d8b3dc4 1083
1084 my (@all_sql, @all_bind);
1085 foreach my $val (@$vals) {
1086 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1087 SCALAR => sub {
5e5cbf51 1088 return ($placeholder, $self->_bindtype($k, $val) );
4d8b3dc4 1089 },
1090 SCALARREF => sub {
0336eddb 1091 return $$val;
4d8b3dc4 1092 },
1093 ARRAYREFREF => sub {
1094 my ($sql, @bind) = @$$val;
c94a6c93 1095 $self->_assert_bindval_matches_bindtype(@bind);
0336eddb 1096 return ($sql, @bind);
4d8b3dc4 1097 },
0336eddb 1098 HASHREF => sub {
1099 my ($func, $arg, @rest) = %$val;
1100 puke ("Only simple { -func => arg } functions accepted as sub-arguments to BETWEEN")
1101 if (@rest or $func !~ /^ \- (.+)/x);
1102 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1103 $self->_where_unary_op ($1 => $arg);
7f54040f 1104 },
1105 FALLBACK => sub {
1106 puke $invalid_args,
1107 },
4d8b3dc4 1108 });
1109 push @all_sql, $sql;
1110 push @all_bind, @bind;
1111 }
1112
1113 return (
1114 (join $and, @all_sql),
5e5cbf51 1115 @all_bind
4d8b3dc4 1116 );
1117 },
1118 FALLBACK => sub {
7f54040f 1119 puke $invalid_args,
4d8b3dc4 1120 },
1121 });
cf02fc47 1122
cf02fc47 1123 my $sql = "( $label $op $clause )";
96449e8e 1124 return ($sql, @bind)
1125}
1126
1127
1128sub _where_field_IN {
1129 my ($self, $k, $op, $vals) = @_;
1130
1131 # backwards compatibility : if scalar, force into an arrayref
1132 $vals = [$vals] if defined $vals && ! ref $vals;
1133
96449e8e 1134 my ($label) = $self->_convert($self->_quote($k));
1135 my ($placeholder) = $self->_convert('?');
96449e8e 1136 $op = $self->_sqlcase($op);
1137
8a0d798a 1138 my ($sql, @bind) = $self->_SWITCH_refkind($vals, {
1139 ARRAYREF => sub { # list of choices
1140 if (@$vals) { # nonempty list
0336eddb 1141 my (@all_sql, @all_bind);
1142
1143 for my $val (@$vals) {
1144 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1145 SCALAR => sub {
1146 return ($placeholder, $val);
1147 },
1148 SCALARREF => sub {
1149 return $$val;
1150 },
1151 ARRAYREFREF => sub {
1152 my ($sql, @bind) = @$$val;
1153 $self->_assert_bindval_matches_bindtype(@bind);
1154 return ($sql, @bind);
1155 },
1156 HASHREF => sub {
1157 my ($func, $arg, @rest) = %$val;
1158 puke ("Only simple { -func => arg } functions accepted as sub-arguments to IN")
1159 if (@rest or $func !~ /^ \- (.+)/x);
1160 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1161 $self->_where_unary_op ($1 => $arg);
279eb282 1162 },
1163 UNDEF => sub {
032dfe20 1164 puke(
1165 'SQL::Abstract before v1.75 used to generate incorrect SQL when the '
1166 . "-$op operator was given an undef-containing list: !!!AUDIT YOUR CODE "
1167 . 'AND DATA!!! (the upcoming Data::Query-based version of SQL::Abstract '
1168 . 'will emit the logically correct SQL instead of raising this exception)'
1169 );
279eb282 1170 },
0336eddb 1171 });
1172 push @all_sql, $sql;
1173 push @all_bind, @bind;
1174 }
96449e8e 1175
88a89939 1176 return (
1177 sprintf ('%s %s ( %s )',
1178 $label,
1179 $op,
1180 join (', ', @all_sql)
1181 ),
1182 $self->_bindtype($k, @all_bind),
0336eddb 1183 );
8a0d798a 1184 }
1185 else { # empty list : some databases won't understand "IN ()", so DWIM
1186 my $sql = ($op =~ /\bnot\b/i) ? $self->{sqltrue} : $self->{sqlfalse};
1187 return ($sql);
1188 }
1189 },
1190
4a1f01a3 1191 SCALARREF => sub { # literal SQL
1192 my $sql = $self->_open_outer_paren ($$vals);
1193 return ("$label $op ( $sql )");
1194 },
8a0d798a 1195 ARRAYREFREF => sub { # literal SQL with bind
1196 my ($sql, @bind) = @$$vals;
fe3ae272 1197 $self->_assert_bindval_matches_bindtype(@bind);
4a1f01a3 1198 $sql = $self->_open_outer_paren ($sql);
8a0d798a 1199 return ("$label $op ( $sql )", @bind);
1200 },
1201
ff8ca6b4 1202 UNDEF => sub {
1203 puke "Argument passed to the '$op' operator can not be undefined";
1204 },
1205
8a0d798a 1206 FALLBACK => sub {
ff8ca6b4 1207 puke "special op $op requires an arrayref (or scalarref/arrayref-ref)";
8a0d798a 1208 },
1209 });
1210
1211 return ($sql, @bind);
96449e8e 1212}
1213
4a1f01a3 1214# Some databases (SQLite) treat col IN (1, 2) different from
1215# col IN ( (1, 2) ). Use this to strip all outer parens while
1216# adding them back in the corresponding method
1217sub _open_outer_paren {
1218 my ($self, $sql) = @_;
171a709f 1219 $sql = $1 while $sql =~ /^ \s* \( (.*) \) \s* $/xs;
4a1f01a3 1220 return $sql;
1221}
1222
96449e8e 1223
96449e8e 1224#======================================================================
1225# ORDER BY
1226#======================================================================
1227
1228sub _order_by {
1229 my ($self, $arg) = @_;
1230
f267b646 1231 my (@sql, @bind);
1232 for my $c ($self->_order_by_chunks ($arg) ) {
1233 $self->_SWITCH_refkind ($c, {
1234 SCALAR => sub { push @sql, $c },
1235 ARRAYREF => sub { push @sql, shift @$c; push @bind, @$c },
1236 });
1237 }
1238
1239 my $sql = @sql
1240 ? sprintf ('%s %s',
1241 $self->_sqlcase(' order by'),
1242 join (', ', @sql)
1243 )
1244 : ''
1245 ;
1246
1247 return wantarray ? ($sql, @bind) : $sql;
1248}
1249
1250sub _order_by_chunks {
1251 my ($self, $arg) = @_;
1252
1253 return $self->_SWITCH_refkind($arg, {
96449e8e 1254
1255 ARRAYREF => sub {
f267b646 1256 map { $self->_order_by_chunks ($_ ) } @$arg;
96449e8e 1257 },
1258
c94a6c93 1259 ARRAYREFREF => sub {
1260 my ($s, @b) = @$$arg;
1261 $self->_assert_bindval_matches_bindtype(@b);
1262 [ $s, @b ];
1263 },
f267b646 1264
96449e8e 1265 SCALAR => sub {$self->_quote($arg)},
f267b646 1266
1267 UNDEF => sub {return () },
1268
96449e8e 1269 SCALARREF => sub {$$arg}, # literal SQL, no quoting
96449e8e 1270
f267b646 1271 HASHREF => sub {
5e436130 1272 # get first pair in hash
1273 my ($key, $val, @rest) = %$arg;
1274
1275 return () unless $key;
1276
1277 if ( @rest or not $key =~ /^-(desc|asc)/i ) {
1278 puke "hash passed to _order_by must have exactly one key (-desc or -asc)";
f267b646 1279 }
5e436130 1280
1281 my $direction = $1;
96449e8e 1282
e9bd3547 1283 my @ret;
f267b646 1284 for my $c ($self->_order_by_chunks ($val)) {
e9bd3547 1285 my ($sql, @bind);
96449e8e 1286
f267b646 1287 $self->_SWITCH_refkind ($c, {
1288 SCALAR => sub {
e9bd3547 1289 $sql = $c;
f267b646 1290 },
1291 ARRAYREF => sub {
e9bd3547 1292 ($sql, @bind) = @$c;
f267b646 1293 },
1294 });
96449e8e 1295
5e436130 1296 $sql = $sql . ' ' . $self->_sqlcase($direction);
96449e8e 1297
e9bd3547 1298 push @ret, [ $sql, @bind];
1299 }
96449e8e 1300
e9bd3547 1301 return @ret;
f267b646 1302 },
1303 });
96449e8e 1304}
1305
1306
96449e8e 1307#======================================================================
1308# DATASOURCE (FOR NOW, JUST PLAIN TABLE OR LIST OF TABLES)
1309#======================================================================
1310
1311sub _table {
1312 my $self = shift;
1313 my $from = shift;
1314 $self->_SWITCH_refkind($from, {
1315 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$from;},
1316 SCALAR => sub {$self->_quote($from)},
1317 SCALARREF => sub {$$from},
96449e8e 1318 });
1319}
1320
1321
1322#======================================================================
1323# UTILITY FUNCTIONS
1324#======================================================================
1325
955e77ca 1326# highly optimized, as it's called way too often
96449e8e 1327sub _quote {
955e77ca 1328 # my ($self, $label) = @_;
96449e8e 1329
955e77ca 1330 return '' unless defined $_[1];
955e77ca 1331 return ${$_[1]} if ref($_[1]) eq 'SCALAR';
96449e8e 1332
b6251592 1333 unless ($_[0]->{quote_char}) {
170e6c33 1334 $_[0]->_assert_pass_injection_guard($_[1]);
b6251592 1335 return $_[1];
1336 }
96449e8e 1337
07d7c35c 1338 my $qref = ref $_[0]->{quote_char};
955e77ca 1339 my ($l, $r);
07d7c35c 1340 if (!$qref) {
1341 ($l, $r) = ( $_[0]->{quote_char}, $_[0]->{quote_char} );
955e77ca 1342 }
07d7c35c 1343 elsif ($qref eq 'ARRAY') {
1344 ($l, $r) = @{$_[0]->{quote_char}};
955e77ca 1345 }
1346 else {
1347 puke "Unsupported quote_char format: $_[0]->{quote_char}";
1348 }
46be4313 1349 my $esc = $_[0]->{escape_char} || $r;
96449e8e 1350
07d7c35c 1351 # parts containing * are naturally unquoted
1352 return join( $_[0]->{name_sep}||'', map
46be4313 1353 { $_ eq '*' ? $_ : do { (my $n = $_) =~ s/(\Q$esc\E|\Q$r\E)/$esc$1/g; $l . $n . $r } }
955e77ca 1354 ( $_[0]->{name_sep} ? split (/\Q$_[0]->{name_sep}\E/, $_[1] ) : $_[1] )
1355 );
96449e8e 1356}
1357
1358
1359# Conversion, if applicable
1360sub _convert ($) {
07d7c35c 1361 #my ($self, $arg) = @_;
07d7c35c 1362 if ($_[0]->{convert}) {
1363 return $_[0]->_sqlcase($_[0]->{convert}) .'(' . $_[1] . ')';
96449e8e 1364 }
07d7c35c 1365 return $_[1];
96449e8e 1366}
1367
1368# And bindtype
1369sub _bindtype (@) {
07d7c35c 1370 #my ($self, $col, @vals) = @_;
07d7c35c 1371 # called often - tighten code
1372 return $_[0]->{bindtype} eq 'columns'
1373 ? map {[$_[1], $_]} @_[2 .. $#_]
1374 : @_[2 .. $#_]
1375 ;
96449e8e 1376}
1377
fe3ae272 1378# Dies if any element of @bind is not in [colname => value] format
1379# if bindtype is 'columns'.
1380sub _assert_bindval_matches_bindtype {
c94a6c93 1381# my ($self, @bind) = @_;
1382 my $self = shift;
fe3ae272 1383 if ($self->{bindtype} eq 'columns') {
c94a6c93 1384 for (@_) {
1385 if (!defined $_ || ref($_) ne 'ARRAY' || @$_ != 2) {
3a06278c 1386 puke "bindtype 'columns' selected, you need to pass: [column_name => bind_value]"
fe3ae272 1387 }
1388 }
1389 }
1390}
1391
96449e8e 1392sub _join_sql_clauses {
1393 my ($self, $logic, $clauses_aref, $bind_aref) = @_;
1394
1395 if (@$clauses_aref > 1) {
1396 my $join = " " . $self->_sqlcase($logic) . " ";
1397 my $sql = '( ' . join($join, @$clauses_aref) . ' )';
1398 return ($sql, @$bind_aref);
1399 }
1400 elsif (@$clauses_aref) {
1401 return ($clauses_aref->[0], @$bind_aref); # no parentheses
1402 }
1403 else {
1404 return (); # if no SQL, ignore @$bind_aref
1405 }
1406}
1407
1408
1409# Fix SQL case, if so requested
1410sub _sqlcase {
96449e8e 1411 # LDNOTE: if $self->{case} is true, then it contains 'lower', so we
1412 # don't touch the argument ... crooked logic, but let's not change it!
07d7c35c 1413 return $_[0]->{case} ? $_[1] : uc($_[1]);
96449e8e 1414}
1415
1416
1417#======================================================================
1418# DISPATCHING FROM REFKIND
1419#======================================================================
1420
1421sub _refkind {
1422 my ($self, $data) = @_;
96449e8e 1423
955e77ca 1424 return 'UNDEF' unless defined $data;
1425
1426 # blessed objects are treated like scalars
1427 my $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1428
1429 return 'SCALAR' unless $ref;
1430
1431 my $n_steps = 1;
1432 while ($ref eq 'REF') {
96449e8e 1433 $data = $$data;
955e77ca 1434 $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1435 $n_steps++ if $ref;
96449e8e 1436 }
1437
848556bc 1438 return ($ref||'SCALAR') . ('REF' x $n_steps);
96449e8e 1439}
1440
1441sub _try_refkind {
1442 my ($self, $data) = @_;
1443 my @try = ($self->_refkind($data));
1444 push @try, 'SCALAR_or_UNDEF' if $try[0] eq 'SCALAR' || $try[0] eq 'UNDEF';
1445 push @try, 'FALLBACK';
955e77ca 1446 return \@try;
96449e8e 1447}
1448
1449sub _METHOD_FOR_refkind {
1450 my ($self, $meth_prefix, $data) = @_;
f39eaa60 1451
1452 my $method;
955e77ca 1453 for (@{$self->_try_refkind($data)}) {
f39eaa60 1454 $method = $self->can($meth_prefix."_".$_)
1455 and last;
1456 }
1457
1458 return $method || puke "cannot dispatch on '$meth_prefix' for ".$self->_refkind($data);
96449e8e 1459}
1460
1461
1462sub _SWITCH_refkind {
1463 my ($self, $data, $dispatch_table) = @_;
1464
f39eaa60 1465 my $coderef;
955e77ca 1466 for (@{$self->_try_refkind($data)}) {
f39eaa60 1467 $coderef = $dispatch_table->{$_}
1468 and last;
1469 }
1470
1471 puke "no dispatch entry for ".$self->_refkind($data)
1472 unless $coderef;
1473
96449e8e 1474 $coderef->();
1475}
1476
1477
1478
1479
1480#======================================================================
1481# VALUES, GENERATE, AUTOLOAD
1482#======================================================================
1483
1484# LDNOTE: original code from nwiger, didn't touch code in that section
1485# I feel the AUTOLOAD stuff should not be the default, it should
1486# only be activated on explicit demand by user.
1487
1488sub values {
1489 my $self = shift;
1490 my $data = shift || return;
1491 puke "Argument to ", __PACKAGE__, "->values must be a \\%hash"
1492 unless ref $data eq 'HASH';
bab725ce 1493
1494 my @all_bind;
1495 foreach my $k ( sort keys %$data ) {
1496 my $v = $data->{$k};
1497 $self->_SWITCH_refkind($v, {
9d48860e 1498 ARRAYREF => sub {
bab725ce 1499 if ($self->{array_datatypes}) { # array datatype
1500 push @all_bind, $self->_bindtype($k, $v);
1501 }
1502 else { # literal SQL with bind
1503 my ($sql, @bind) = @$v;
1504 $self->_assert_bindval_matches_bindtype(@bind);
1505 push @all_bind, @bind;
1506 }
1507 },
1508 ARRAYREFREF => sub { # literal SQL with bind
1509 my ($sql, @bind) = @${$v};
1510 $self->_assert_bindval_matches_bindtype(@bind);
1511 push @all_bind, @bind;
1512 },
1513 SCALARREF => sub { # literal SQL without bind
1514 },
1515 SCALAR_or_UNDEF => sub {
1516 push @all_bind, $self->_bindtype($k, $v);
1517 },
1518 });
1519 }
1520
1521 return @all_bind;
96449e8e 1522}
1523
1524sub generate {
1525 my $self = shift;
1526
1527 my(@sql, @sqlq, @sqlv);
1528
1529 for (@_) {
1530 my $ref = ref $_;
1531 if ($ref eq 'HASH') {
1532 for my $k (sort keys %$_) {
1533 my $v = $_->{$k};
1534 my $r = ref $v;
1535 my $label = $self->_quote($k);
1536 if ($r eq 'ARRAY') {
fe3ae272 1537 # literal SQL with bind
1538 my ($sql, @bind) = @$v;
1539 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1540 push @sqlq, "$label = $sql";
fe3ae272 1541 push @sqlv, @bind;
96449e8e 1542 } elsif ($r eq 'SCALAR') {
fe3ae272 1543 # literal SQL without bind
96449e8e 1544 push @sqlq, "$label = $$v";
9d48860e 1545 } else {
96449e8e 1546 push @sqlq, "$label = ?";
1547 push @sqlv, $self->_bindtype($k, $v);
1548 }
1549 }
1550 push @sql, $self->_sqlcase('set'), join ', ', @sqlq;
1551 } elsif ($ref eq 'ARRAY') {
1552 # unlike insert(), assume these are ONLY the column names, i.e. for SQL
1553 for my $v (@$_) {
1554 my $r = ref $v;
fe3ae272 1555 if ($r eq 'ARRAY') { # literal SQL with bind
1556 my ($sql, @bind) = @$v;
1557 $self->_assert_bindval_matches_bindtype(@bind);
1558 push @sqlq, $sql;
1559 push @sqlv, @bind;
1560 } elsif ($r eq 'SCALAR') { # literal SQL without bind
96449e8e 1561 # embedded literal SQL
1562 push @sqlq, $$v;
9d48860e 1563 } else {
96449e8e 1564 push @sqlq, '?';
1565 push @sqlv, $v;
1566 }
1567 }
1568 push @sql, '(' . join(', ', @sqlq) . ')';
1569 } elsif ($ref eq 'SCALAR') {
1570 # literal SQL
1571 push @sql, $$_;
1572 } else {
1573 # strings get case twiddled
1574 push @sql, $self->_sqlcase($_);
1575 }
1576 }
1577
1578 my $sql = join ' ', @sql;
1579
1580 # this is pretty tricky
1581 # if ask for an array, return ($stmt, @bind)
1582 # otherwise, s/?/shift @sqlv/ to put it inline
1583 if (wantarray) {
1584 return ($sql, @sqlv);
1585 } else {
1586 1 while $sql =~ s/\?/my $d = shift(@sqlv);
1587 ref $d ? $d->[1] : $d/e;
1588 return $sql;
1589 }
1590}
1591
1592
1593sub DESTROY { 1 }
1594
1595sub AUTOLOAD {
1596 # This allows us to check for a local, then _form, attr
1597 my $self = shift;
1598 my($name) = $AUTOLOAD =~ /.*::(.+)/;
1599 return $self->generate($name, @_);
1600}
1601
16021;
1603
1604
1605
1606__END__
32eab2da 1607
1608=head1 NAME
1609
1610SQL::Abstract - Generate SQL from Perl data structures
1611
1612=head1 SYNOPSIS
1613
1614 use SQL::Abstract;
1615
1616 my $sql = SQL::Abstract->new;
1617
521647e7 1618 my($stmt, @bind) = $sql->select($source, \@fields, \%where, \@order);
32eab2da 1619
1620 my($stmt, @bind) = $sql->insert($table, \%fieldvals || \@values);
1621
1622 my($stmt, @bind) = $sql->update($table, \%fieldvals, \%where);
1623
1624 my($stmt, @bind) = $sql->delete($table, \%where);
1625
1626 # Then, use these in your DBI statements
1627 my $sth = $dbh->prepare($stmt);
1628 $sth->execute(@bind);
1629
1630 # Just generate the WHERE clause
abe72f94 1631 my($stmt, @bind) = $sql->where(\%where, \@order);
32eab2da 1632
1633 # Return values in the same order, for hashed queries
1634 # See PERFORMANCE section for more details
1635 my @bind = $sql->values(\%fieldvals);
1636
1637=head1 DESCRIPTION
1638
1639This module was inspired by the excellent L<DBIx::Abstract>.
1640However, in using that module I found that what I really wanted
1641to do was generate SQL, but still retain complete control over my
1642statement handles and use the DBI interface. So, I set out to
1643create an abstract SQL generation module.
1644
1645While based on the concepts used by L<DBIx::Abstract>, there are
1646several important differences, especially when it comes to WHERE
1647clauses. I have modified the concepts used to make the SQL easier
1648to generate from Perl data structures and, IMO, more intuitive.
1649The underlying idea is for this module to do what you mean, based
1650on the data structures you provide it. The big advantage is that
1651you don't have to modify your code every time your data changes,
1652as this module figures it out.
1653
1654To begin with, an SQL INSERT is as easy as just specifying a hash
1655of C<key=value> pairs:
1656
1657 my %data = (
1658 name => 'Jimbo Bobson',
1659 phone => '123-456-7890',
1660 address => '42 Sister Lane',
1661 city => 'St. Louis',
1662 state => 'Louisiana',
1663 );
1664
1665The SQL can then be generated with this:
1666
1667 my($stmt, @bind) = $sql->insert('people', \%data);
1668
1669Which would give you something like this:
1670
1671 $stmt = "INSERT INTO people
1672 (address, city, name, phone, state)
1673 VALUES (?, ?, ?, ?, ?)";
1674 @bind = ('42 Sister Lane', 'St. Louis', 'Jimbo Bobson',
1675 '123-456-7890', 'Louisiana');
1676
1677These are then used directly in your DBI code:
1678
1679 my $sth = $dbh->prepare($stmt);
1680 $sth->execute(@bind);
1681
96449e8e 1682=head2 Inserting and Updating Arrays
1683
1684If your database has array types (like for example Postgres),
1685activate the special option C<< array_datatypes => 1 >>
9d48860e 1686when creating the C<SQL::Abstract> object.
96449e8e 1687Then you may use an arrayref to insert and update database array types:
1688
1689 my $sql = SQL::Abstract->new(array_datatypes => 1);
1690 my %data = (
1691 planets => [qw/Mercury Venus Earth Mars/]
1692 );
9d48860e 1693
96449e8e 1694 my($stmt, @bind) = $sql->insert('solar_system', \%data);
1695
1696This results in:
1697
1698 $stmt = "INSERT INTO solar_system (planets) VALUES (?)"
1699
1700 @bind = (['Mercury', 'Venus', 'Earth', 'Mars']);
1701
1702
1703=head2 Inserting and Updating SQL
1704
1705In order to apply SQL functions to elements of your C<%data> you may
1706specify a reference to an arrayref for the given hash value. For example,
1707if you need to execute the Oracle C<to_date> function on a value, you can
1708say something like this:
32eab2da 1709
1710 my %data = (
1711 name => 'Bill',
96449e8e 1712 date_entered => \["to_date(?,'MM/DD/YYYY')", "03/02/2003"],
9d48860e 1713 );
32eab2da 1714
1715The first value in the array is the actual SQL. Any other values are
1716optional and would be included in the bind values array. This gives
1717you:
1718
1719 my($stmt, @bind) = $sql->insert('people', \%data);
1720
9d48860e 1721 $stmt = "INSERT INTO people (name, date_entered)
32eab2da 1722 VALUES (?, to_date(?,'MM/DD/YYYY'))";
1723 @bind = ('Bill', '03/02/2003');
1724
1725An UPDATE is just as easy, all you change is the name of the function:
1726
1727 my($stmt, @bind) = $sql->update('people', \%data);
1728
1729Notice that your C<%data> isn't touched; the module will generate
1730the appropriately quirky SQL for you automatically. Usually you'll
1731want to specify a WHERE clause for your UPDATE, though, which is
1732where handling C<%where> hashes comes in handy...
1733
96449e8e 1734=head2 Complex where statements
1735
32eab2da 1736This module can generate pretty complicated WHERE statements
1737easily. For example, simple C<key=value> pairs are taken to mean
1738equality, and if you want to see if a field is within a set
1739of values, you can use an arrayref. Let's say we wanted to
1740SELECT some data based on this criteria:
1741
1742 my %where = (
1743 requestor => 'inna',
1744 worker => ['nwiger', 'rcwe', 'sfz'],
1745 status => { '!=', 'completed' }
1746 );
1747
1748 my($stmt, @bind) = $sql->select('tickets', '*', \%where);
1749
1750The above would give you something like this:
1751
1752 $stmt = "SELECT * FROM tickets WHERE
1753 ( requestor = ? ) AND ( status != ? )
1754 AND ( worker = ? OR worker = ? OR worker = ? )";
1755 @bind = ('inna', 'completed', 'nwiger', 'rcwe', 'sfz');
1756
1757Which you could then use in DBI code like so:
1758
1759 my $sth = $dbh->prepare($stmt);
1760 $sth->execute(@bind);
1761
1762Easy, eh?
1763
0da0fe34 1764=head1 METHODS
32eab2da 1765
0da0fe34 1766The methods are simple. There's one for each major SQL operation,
32eab2da 1767and a constructor you use first. The arguments are specified in a
0da0fe34 1768similar order to each method (table, then fields, then a where
32eab2da 1769clause) to try and simplify things.
1770
32eab2da 1771=head2 new(option => 'value')
1772
1773The C<new()> function takes a list of options and values, and returns
1774a new B<SQL::Abstract> object which can then be used to generate SQL
1775through the methods below. The options accepted are:
1776
1777=over
1778
1779=item case
1780
1781If set to 'lower', then SQL will be generated in all lowercase. By
1782default SQL is generated in "textbook" case meaning something like:
1783
1784 SELECT a_field FROM a_table WHERE some_field LIKE '%someval%'
1785
96449e8e 1786Any setting other than 'lower' is ignored.
1787
32eab2da 1788=item cmp
1789
1790This determines what the default comparison operator is. By default
1791it is C<=>, meaning that a hash like this:
1792
1793 %where = (name => 'nwiger', email => 'nate@wiger.org');
1794
1795Will generate SQL like this:
1796
1797 WHERE name = 'nwiger' AND email = 'nate@wiger.org'
1798
1799However, you may want loose comparisons by default, so if you set
1800C<cmp> to C<like> you would get SQL such as:
1801
1802 WHERE name like 'nwiger' AND email like 'nate@wiger.org'
1803
3af02ccb 1804You can also override the comparison on an individual basis - see
32eab2da 1805the huge section on L</"WHERE CLAUSES"> at the bottom.
1806
96449e8e 1807=item sqltrue, sqlfalse
1808
1809Expressions for inserting boolean values within SQL statements.
6e0c6552 1810By default these are C<1=1> and C<1=0>. They are used
1811by the special operators C<-in> and C<-not_in> for generating
1812correct SQL even when the argument is an empty array (see below).
96449e8e 1813
32eab2da 1814=item logic
1815
1816This determines the default logical operator for multiple WHERE
7cac25e6 1817statements in arrays or hashes. If absent, the default logic is "or"
1818for arrays, and "and" for hashes. This means that a WHERE
32eab2da 1819array of the form:
1820
1821 @where = (
9d48860e 1822 event_date => {'>=', '2/13/99'},
1823 event_date => {'<=', '4/24/03'},
32eab2da 1824 );
1825
7cac25e6 1826will generate SQL like this:
32eab2da 1827
1828 WHERE event_date >= '2/13/99' OR event_date <= '4/24/03'
1829
1830This is probably not what you want given this query, though (look
1831at the dates). To change the "OR" to an "AND", simply specify:
1832
1833 my $sql = SQL::Abstract->new(logic => 'and');
1834
1835Which will change the above C<WHERE> to:
1836
1837 WHERE event_date >= '2/13/99' AND event_date <= '4/24/03'
1838
96449e8e 1839The logic can also be changed locally by inserting
7cac25e6 1840a modifier in front of an arrayref :
96449e8e 1841
9d48860e 1842 @where = (-and => [event_date => {'>=', '2/13/99'},
7cac25e6 1843 event_date => {'<=', '4/24/03'} ]);
96449e8e 1844
1845See the L</"WHERE CLAUSES"> section for explanations.
1846
32eab2da 1847=item convert
1848
1849This will automatically convert comparisons using the specified SQL
1850function for both column and value. This is mostly used with an argument
1851of C<upper> or C<lower>, so that the SQL will have the effect of
1852case-insensitive "searches". For example, this:
1853
1854 $sql = SQL::Abstract->new(convert => 'upper');
1855 %where = (keywords => 'MaKe iT CAse inSeNSItive');
1856
1857Will turn out the following SQL:
1858
1859 WHERE upper(keywords) like upper('MaKe iT CAse inSeNSItive')
1860
1861The conversion can be C<upper()>, C<lower()>, or any other SQL function
1862that can be applied symmetrically to fields (actually B<SQL::Abstract> does
1863not validate this option; it will just pass through what you specify verbatim).
1864
1865=item bindtype
1866
1867This is a kludge because many databases suck. For example, you can't
1868just bind values using DBI's C<execute()> for Oracle C<CLOB> or C<BLOB> fields.
1869Instead, you have to use C<bind_param()>:
1870
1871 $sth->bind_param(1, 'reg data');
1872 $sth->bind_param(2, $lots, {ora_type => ORA_CLOB});
1873
1874The problem is, B<SQL::Abstract> will normally just return a C<@bind> array,
1875which loses track of which field each slot refers to. Fear not.
1876
1877If you specify C<bindtype> in new, you can determine how C<@bind> is returned.
1878Currently, you can specify either C<normal> (default) or C<columns>. If you
1879specify C<columns>, you will get an array that looks like this:
1880
1881 my $sql = SQL::Abstract->new(bindtype => 'columns');
1882 my($stmt, @bind) = $sql->insert(...);
1883
1884 @bind = (
1885 [ 'column1', 'value1' ],
1886 [ 'column2', 'value2' ],
1887 [ 'column3', 'value3' ],
1888 );
1889
1890You can then iterate through this manually, using DBI's C<bind_param()>.
e3f9dff4 1891
32eab2da 1892 $sth->prepare($stmt);
1893 my $i = 1;
1894 for (@bind) {
1895 my($col, $data) = @$_;
1896 if ($col eq 'details' || $col eq 'comments') {
1897 $sth->bind_param($i, $data, {ora_type => ORA_CLOB});
1898 } elsif ($col eq 'image') {
1899 $sth->bind_param($i, $data, {ora_type => ORA_BLOB});
1900 } else {
1901 $sth->bind_param($i, $data);
1902 }
1903 $i++;
1904 }
1905 $sth->execute; # execute without @bind now
1906
1907Now, why would you still use B<SQL::Abstract> if you have to do this crap?
1908Basically, the advantage is still that you don't have to care which fields
1909are or are not included. You could wrap that above C<for> loop in a simple
1910sub called C<bind_fields()> or something and reuse it repeatedly. You still
1911get a layer of abstraction over manual SQL specification.
1912
deb148a2 1913Note that if you set L</bindtype> to C<columns>, the C<\[$sql, @bind]>
1914construct (see L</Literal SQL with placeholders and bind values (subqueries)>)
1915will expect the bind values in this format.
1916
32eab2da 1917=item quote_char
1918
1919This is the character that a table or column name will be quoted
9d48860e 1920with. By default this is an empty string, but you could set it to
32eab2da 1921the character C<`>, to generate SQL like this:
1922
1923 SELECT `a_field` FROM `a_table` WHERE `some_field` LIKE '%someval%'
1924
96449e8e 1925Alternatively, you can supply an array ref of two items, the first being the left
1926hand quote character, and the second the right hand quote character. For
1927example, you could supply C<['[',']']> for SQL Server 2000 compliant quotes
1928that generates SQL like this:
1929
1930 SELECT [a_field] FROM [a_table] WHERE [some_field] LIKE '%someval%'
1931
9d48860e 1932Quoting is useful if you have tables or columns names that are reserved
96449e8e 1933words in your database's SQL dialect.
32eab2da 1934
46be4313 1935=item escape_char
1936
1937This is the character that will be used to escape L</quote_char>s appearing
1938in an identifier before it has been quoted.
1939
1940The paramter default in case of a single L</quote_char> character is the quote
1941character itself.
1942
1943When opening-closing-style quoting is used (L</quote_char> is an arrayref)
1944this parameter defaults to the B<closing (right)> L</quote_char>. Occurences
1945of the B<opening (left)> L</quote_char> within the identifier are currently left
1946untouched. The default for opening-closing-style quotes may change in future
1947versions, thus you are B<strongly encouraged> to specify the escape character
1948explicitly.
1949
32eab2da 1950=item name_sep
1951
1952This is the character that separates a table and column name. It is
1953necessary to specify this when the C<quote_char> option is selected,
1954so that tables and column names can be individually quoted like this:
1955
1956 SELECT `table`.`one_field` FROM `table` WHERE `table`.`other_field` = 1
1957
b6251592 1958=item injection_guard
1959
1960A regular expression C<qr/.../> that is applied to any C<-function> and unquoted
1961column name specified in a query structure. This is a safety mechanism to avoid
1962injection attacks when mishandling user input e.g.:
1963
1964 my %condition_as_column_value_pairs = get_values_from_user();
1965 $sqla->select( ... , \%condition_as_column_value_pairs );
1966
1967If the expression matches an exception is thrown. Note that literal SQL
1968supplied via C<\'...'> or C<\['...']> is B<not> checked in any way.
1969
1970Defaults to checking for C<;> and the C<GO> keyword (TransactSQL)
1971
96449e8e 1972=item array_datatypes
32eab2da 1973
9d48860e 1974When this option is true, arrayrefs in INSERT or UPDATE are
1975interpreted as array datatypes and are passed directly
96449e8e 1976to the DBI layer.
1977When this option is false, arrayrefs are interpreted
1978as literal SQL, just like refs to arrayrefs
1979(but this behavior is for backwards compatibility; when writing
1980new queries, use the "reference to arrayref" syntax
1981for literal SQL).
32eab2da 1982
32eab2da 1983
96449e8e 1984=item special_ops
32eab2da 1985
9d48860e 1986Takes a reference to a list of "special operators"
96449e8e 1987to extend the syntax understood by L<SQL::Abstract>.
1988See section L</"SPECIAL OPERATORS"> for details.
32eab2da 1989
59f23b3d 1990=item unary_ops
1991
9d48860e 1992Takes a reference to a list of "unary operators"
59f23b3d 1993to extend the syntax understood by L<SQL::Abstract>.
1994See section L</"UNARY OPERATORS"> for details.
1995
32eab2da 1996
32eab2da 1997
96449e8e 1998=back
32eab2da 1999
02288357 2000=head2 insert($table, \@values || \%fieldvals, \%options)
32eab2da 2001
2002This is the simplest function. You simply give it a table name
2003and either an arrayref of values or hashref of field/value pairs.
2004It returns an SQL INSERT statement and a list of bind values.
96449e8e 2005See the sections on L</"Inserting and Updating Arrays"> and
2006L</"Inserting and Updating SQL"> for information on how to insert
2007with those data types.
32eab2da 2008
02288357 2009The optional C<\%options> hash reference may contain additional
2010options to generate the insert SQL. Currently supported options
2011are:
2012
2013=over 4
2014
2015=item returning
2016
2017Takes either a scalar of raw SQL fields, or an array reference of
2018field names, and adds on an SQL C<RETURNING> statement at the end.
2019This allows you to return data generated by the insert statement
2020(such as row IDs) without performing another C<SELECT> statement.
2021Note, however, this is not part of the SQL standard and may not
2022be supported by all database engines.
2023
2024=back
2025
32eab2da 2026=head2 update($table, \%fieldvals, \%where)
2027
2028This takes a table, hashref of field/value pairs, and an optional
86298391 2029hashref L<WHERE clause|/WHERE CLAUSES>. It returns an SQL UPDATE function and a list
32eab2da 2030of bind values.
96449e8e 2031See the sections on L</"Inserting and Updating Arrays"> and
2032L</"Inserting and Updating SQL"> for information on how to insert
2033with those data types.
32eab2da 2034
96449e8e 2035=head2 select($source, $fields, $where, $order)
32eab2da 2036
9d48860e 2037This returns a SQL SELECT statement and associated list of bind values, as
96449e8e 2038specified by the arguments :
32eab2da 2039
96449e8e 2040=over
32eab2da 2041
96449e8e 2042=item $source
32eab2da 2043
9d48860e 2044Specification of the 'FROM' part of the statement.
96449e8e 2045The argument can be either a plain scalar (interpreted as a table
2046name, will be quoted), or an arrayref (interpreted as a list
2047of table names, joined by commas, quoted), or a scalarref
2048(literal table name, not quoted), or a ref to an arrayref
2049(list of literal table names, joined by commas, not quoted).
32eab2da 2050
96449e8e 2051=item $fields
32eab2da 2052
9d48860e 2053Specification of the list of fields to retrieve from
96449e8e 2054the source.
2055The argument can be either an arrayref (interpreted as a list
9d48860e 2056of field names, will be joined by commas and quoted), or a
96449e8e 2057plain scalar (literal SQL, not quoted).
521647e7 2058Please observe that this API is not as flexible as that of
2059the first argument C<$source>, for backwards compatibility reasons.
32eab2da 2060
96449e8e 2061=item $where
32eab2da 2062
96449e8e 2063Optional argument to specify the WHERE part of the query.
2064The argument is most often a hashref, but can also be
9d48860e 2065an arrayref or plain scalar --
96449e8e 2066see section L<WHERE clause|/"WHERE CLAUSES"> for details.
32eab2da 2067
96449e8e 2068=item $order
32eab2da 2069
96449e8e 2070Optional argument to specify the ORDER BY part of the query.
9d48860e 2071The argument can be a scalar, a hashref or an arrayref
96449e8e 2072-- see section L<ORDER BY clause|/"ORDER BY CLAUSES">
2073for details.
32eab2da 2074
96449e8e 2075=back
32eab2da 2076
32eab2da 2077
2078=head2 delete($table, \%where)
2079
86298391 2080This takes a table name and optional hashref L<WHERE clause|/WHERE CLAUSES>.
32eab2da 2081It returns an SQL DELETE statement and list of bind values.
2082
32eab2da 2083=head2 where(\%where, \@order)
2084
2085This is used to generate just the WHERE clause. For example,
2086if you have an arbitrary data structure and know what the
2087rest of your SQL is going to look like, but want an easy way
2088to produce a WHERE clause, use this. It returns an SQL WHERE
2089clause and list of bind values.
2090
32eab2da 2091
2092=head2 values(\%data)
2093
2094This just returns the values from the hash C<%data>, in the same
2095order that would be returned from any of the other above queries.
2096Using this allows you to markedly speed up your queries if you
2097are affecting lots of rows. See below under the L</"PERFORMANCE"> section.
2098
32eab2da 2099=head2 generate($any, 'number', $of, \@data, $struct, \%types)
2100
2101Warning: This is an experimental method and subject to change.
2102
2103This returns arbitrarily generated SQL. It's a really basic shortcut.
2104It will return two different things, depending on return context:
2105
2106 my($stmt, @bind) = $sql->generate('create table', \$table, \@fields);
2107 my $stmt_and_val = $sql->generate('create table', \$table, \@fields);
2108
2109These would return the following:
2110
2111 # First calling form
2112 $stmt = "CREATE TABLE test (?, ?)";
2113 @bind = (field1, field2);
2114
2115 # Second calling form
2116 $stmt_and_val = "CREATE TABLE test (field1, field2)";
2117
2118Depending on what you're trying to do, it's up to you to choose the correct
2119format. In this example, the second form is what you would want.
2120
2121By the same token:
2122
2123 $sql->generate('alter session', { nls_date_format => 'MM/YY' });
2124
2125Might give you:
2126
2127 ALTER SESSION SET nls_date_format = 'MM/YY'
2128
2129You get the idea. Strings get their case twiddled, but everything
2130else remains verbatim.
2131
0da0fe34 2132=head1 EXPORTABLE FUNCTIONS
2133
2134=head2 is_plain_value
2135
2136Determines if the supplied argument is a plain value as understood by this
2137module:
2138
2139=over
2140
2141=item * The value is C<undef>
2142
2143=item * The value is a non-reference
2144
2145=item * The value is an object with stringification overloading
2146
2147=item * The value is of the form C<< { -value => $anything } >>
2148
2149=back
2150
966200cc 2151On failure returns C<undef>, on sucess returns a B<scalar> reference
2152to the original supplied argument.
0da0fe34 2153
2154=head2 is_literal_value
2155
2156Determines if the supplied argument is a literal value as understood by this
2157module:
2158
2159=over
2160
2161=item * C<\$sql_string>
2162
2163=item * C<\[ $sql_string, @bind_values ]>
2164
2165=item * C<< { -ident => $plain_defined_string } >>
2166
2167=back
2168
966200cc 2169On failure returns C<undef>, on sucess returns an B<array> reference
2170containing the unpacked version of the supplied literal SQL and bind values.
0da0fe34 2171
32eab2da 2172=head1 WHERE CLAUSES
2173
96449e8e 2174=head2 Introduction
2175
32eab2da 2176This module uses a variation on the idea from L<DBIx::Abstract>. It
2177is B<NOT>, repeat I<not> 100% compatible. B<The main logic of this
2178module is that things in arrays are OR'ed, and things in hashes
2179are AND'ed.>
2180
2181The easiest way to explain is to show lots of examples. After
2182each C<%where> hash shown, it is assumed you used:
2183
2184 my($stmt, @bind) = $sql->where(\%where);
2185
2186However, note that the C<%where> hash can be used directly in any
2187of the other functions as well, as described above.
2188
96449e8e 2189=head2 Key-value pairs
2190
32eab2da 2191So, let's get started. To begin, a simple hash:
2192
2193 my %where = (
2194 user => 'nwiger',
2195 status => 'completed'
2196 );
2197
2198Is converted to SQL C<key = val> statements:
2199
2200 $stmt = "WHERE user = ? AND status = ?";
2201 @bind = ('nwiger', 'completed');
2202
2203One common thing I end up doing is having a list of values that
2204a field can be in. To do this, simply specify a list inside of
2205an arrayref:
2206
2207 my %where = (
2208 user => 'nwiger',
2209 status => ['assigned', 'in-progress', 'pending'];
2210 );
2211
2212This simple code will create the following:
9d48860e 2213
32eab2da 2214 $stmt = "WHERE user = ? AND ( status = ? OR status = ? OR status = ? )";
2215 @bind = ('nwiger', 'assigned', 'in-progress', 'pending');
2216
9d48860e 2217A field associated to an empty arrayref will be considered a
7cac25e6 2218logical false and will generate 0=1.
8a68b5be 2219
b864ba9b 2220=head2 Tests for NULL values
2221
2222If the value part is C<undef> then this is converted to SQL <IS NULL>
2223
2224 my %where = (
2225 user => 'nwiger',
2226 status => undef,
2227 );
2228
2229becomes:
2230
2231 $stmt = "WHERE user = ? AND status IS NULL";
2232 @bind = ('nwiger');
2233
e9614080 2234To test if a column IS NOT NULL:
2235
2236 my %where = (
2237 user => 'nwiger',
2238 status => { '!=', undef },
2239 );
cc422895 2240
6e0c6552 2241=head2 Specific comparison operators
96449e8e 2242
32eab2da 2243If you want to specify a different type of operator for your comparison,
2244you can use a hashref for a given column:
2245
2246 my %where = (
2247 user => 'nwiger',
2248 status => { '!=', 'completed' }
2249 );
2250
2251Which would generate:
2252
2253 $stmt = "WHERE user = ? AND status != ?";
2254 @bind = ('nwiger', 'completed');
2255
2256To test against multiple values, just enclose the values in an arrayref:
2257
96449e8e 2258 status => { '=', ['assigned', 'in-progress', 'pending'] };
2259
f2d5020d 2260Which would give you:
96449e8e 2261
2262 "WHERE status = ? OR status = ? OR status = ?"
2263
2264
2265The hashref can also contain multiple pairs, in which case it is expanded
32eab2da 2266into an C<AND> of its elements:
2267
2268 my %where = (
2269 user => 'nwiger',
2270 status => { '!=', 'completed', -not_like => 'pending%' }
2271 );
2272
2273 # Or more dynamically, like from a form
2274 $where{user} = 'nwiger';
2275 $where{status}{'!='} = 'completed';
2276 $where{status}{'-not_like'} = 'pending%';
2277
2278 # Both generate this
2279 $stmt = "WHERE user = ? AND status != ? AND status NOT LIKE ?";
2280 @bind = ('nwiger', 'completed', 'pending%');
2281
96449e8e 2282
32eab2da 2283To get an OR instead, you can combine it with the arrayref idea:
2284
2285 my %where => (
2286 user => 'nwiger',
1a6f2a03 2287 priority => [ { '=', 2 }, { '>', 5 } ]
32eab2da 2288 );
2289
2290Which would generate:
2291
1a6f2a03 2292 $stmt = "WHERE ( priority = ? OR priority > ? ) AND user = ?";
2293 @bind = ('2', '5', 'nwiger');
32eab2da 2294
44b9e502 2295If you want to include literal SQL (with or without bind values), just use a
2296scalar reference or array reference as the value:
2297
2298 my %where = (
2299 date_entered => { '>' => \["to_date(?, 'MM/DD/YYYY')", "11/26/2008"] },
2300 date_expires => { '<' => \"now()" }
2301 );
2302
2303Which would generate:
2304
2305 $stmt = "WHERE date_entered > "to_date(?, 'MM/DD/YYYY') AND date_expires < now()";
2306 @bind = ('11/26/2008');
2307
96449e8e 2308
2309=head2 Logic and nesting operators
2310
2311In the example above,
2312there is a subtle trap if you want to say something like
32eab2da 2313this (notice the C<AND>):
2314
2315 WHERE priority != ? AND priority != ?
2316
2317Because, in Perl you I<can't> do this:
2318
2319 priority => { '!=', 2, '!=', 1 }
2320
2321As the second C<!=> key will obliterate the first. The solution
2322is to use the special C<-modifier> form inside an arrayref:
2323
9d48860e 2324 priority => [ -and => {'!=', 2},
96449e8e 2325 {'!=', 1} ]
2326
32eab2da 2327
2328Normally, these would be joined by C<OR>, but the modifier tells it
2329to use C<AND> instead. (Hint: You can use this in conjunction with the
2330C<logic> option to C<new()> in order to change the way your queries
2331work by default.) B<Important:> Note that the C<-modifier> goes
2332B<INSIDE> the arrayref, as an extra first element. This will
2333B<NOT> do what you think it might:
2334
2335 priority => -and => [{'!=', 2}, {'!=', 1}] # WRONG!
2336
2337Here is a quick list of equivalencies, since there is some overlap:
2338
2339 # Same
2340 status => {'!=', 'completed', 'not like', 'pending%' }
2341 status => [ -and => {'!=', 'completed'}, {'not like', 'pending%'}]
2342
2343 # Same
2344 status => {'=', ['assigned', 'in-progress']}
2345 status => [ -or => {'=', 'assigned'}, {'=', 'in-progress'}]
2346 status => [ {'=', 'assigned'}, {'=', 'in-progress'} ]
2347
e3f9dff4 2348
2349
96449e8e 2350=head2 Special operators : IN, BETWEEN, etc.
2351
32eab2da 2352You can also use the hashref format to compare a list of fields using the
2353C<IN> comparison operator, by specifying the list as an arrayref:
2354
2355 my %where = (
2356 status => 'completed',
2357 reportid => { -in => [567, 2335, 2] }
2358 );
2359
2360Which would generate:
2361
2362 $stmt = "WHERE status = ? AND reportid IN (?,?,?)";
2363 @bind = ('completed', '567', '2335', '2');
2364
9d48860e 2365The reverse operator C<-not_in> generates SQL C<NOT IN> and is used in
96449e8e 2366the same way.
2367
6e0c6552 2368If the argument to C<-in> is an empty array, 'sqlfalse' is generated
2369(by default : C<1=0>). Similarly, C<< -not_in => [] >> generates
2370'sqltrue' (by default : C<1=1>).
2371
e41c3bdd 2372In addition to the array you can supply a chunk of literal sql or
2373literal sql with bind:
6e0c6552 2374
e41c3bdd 2375 my %where = {
2376 customer => { -in => \[
2377 'SELECT cust_id FROM cust WHERE balance > ?',
2378 2000,
2379 ],
2380 status => { -in => \'SELECT status_codes FROM states' },
2381 };
6e0c6552 2382
e41c3bdd 2383would generate:
2384
2385 $stmt = "WHERE (
2386 customer IN ( SELECT cust_id FROM cust WHERE balance > ? )
2387 AND status IN ( SELECT status_codes FROM states )
2388 )";
2389 @bind = ('2000');
2390
0dfd2442 2391Finally, if the argument to C<-in> is not a reference, it will be
2392treated as a single-element array.
e41c3bdd 2393
2394Another pair of operators is C<-between> and C<-not_between>,
96449e8e 2395used with an arrayref of two values:
32eab2da 2396
2397 my %where = (
2398 user => 'nwiger',
2399 completion_date => {
2400 -not_between => ['2002-10-01', '2003-02-06']
2401 }
2402 );
2403
2404Would give you:
2405
2406 WHERE user = ? AND completion_date NOT BETWEEN ( ? AND ? )
2407
e41c3bdd 2408Just like with C<-in> all plausible combinations of literal SQL
2409are possible:
2410
2411 my %where = {
2412 start0 => { -between => [ 1, 2 ] },
2413 start1 => { -between => \["? AND ?", 1, 2] },
2414 start2 => { -between => \"lower(x) AND upper(y)" },
9d48860e 2415 start3 => { -between => [
e41c3bdd 2416 \"lower(x)",
2417 \["upper(?)", 'stuff' ],
2418 ] },
2419 };
2420
2421Would give you:
2422
2423 $stmt = "WHERE (
2424 ( start0 BETWEEN ? AND ? )
2425 AND ( start1 BETWEEN ? AND ? )
2426 AND ( start2 BETWEEN lower(x) AND upper(y) )
2427 AND ( start3 BETWEEN lower(x) AND upper(?) )
2428 )";
2429 @bind = (1, 2, 1, 2, 'stuff');
2430
2431
9d48860e 2432These are the two builtin "special operators"; but the
96449e8e 2433list can be expanded : see section L</"SPECIAL OPERATORS"> below.
2434
59f23b3d 2435=head2 Unary operators: bool
97a920ef 2436
2437If you wish to test against boolean columns or functions within your
2438database you can use the C<-bool> and C<-not_bool> operators. For
2439example to test the column C<is_user> being true and the column
827bb0eb 2440C<is_enabled> being false you would use:-
97a920ef 2441
2442 my %where = (
2443 -bool => 'is_user',
2444 -not_bool => 'is_enabled',
2445 );
2446
2447Would give you:
2448
277b5d3f 2449 WHERE is_user AND NOT is_enabled
97a920ef 2450
0b604e9d 2451If a more complex combination is required, testing more conditions,
2452then you should use the and/or operators:-
2453
2454 my %where = (
2455 -and => [
2456 -bool => 'one',
23401b81 2457 -not_bool => { two=> { -rlike => 'bar' } },
2458 -not_bool => { three => [ { '=', 2 }, { '>', 5 } ] },
0b604e9d 2459 ],
2460 );
2461
2462Would give you:
2463
23401b81 2464 WHERE
2465 one
2466 AND
2467 (NOT two RLIKE ?)
2468 AND
2469 (NOT ( three = ? OR three > ? ))
97a920ef 2470
2471
107b72f1 2472=head2 Nested conditions, -and/-or prefixes
96449e8e 2473
32eab2da 2474So far, we've seen how multiple conditions are joined with a top-level
2475C<AND>. We can change this by putting the different conditions we want in
2476hashes and then putting those hashes in an array. For example:
2477
2478 my @where = (
2479 {
2480 user => 'nwiger',
2481 status => { -like => ['pending%', 'dispatched'] },
2482 },
2483 {
2484 user => 'robot',
2485 status => 'unassigned',
2486 }
2487 );
2488
2489This data structure would create the following:
2490
2491 $stmt = "WHERE ( user = ? AND ( status LIKE ? OR status LIKE ? ) )
2492 OR ( user = ? AND status = ? ) )";
2493 @bind = ('nwiger', 'pending', 'dispatched', 'robot', 'unassigned');
2494
107b72f1 2495
48d9f5f8 2496Clauses in hashrefs or arrayrefs can be prefixed with an C<-and> or C<-or>
2497to change the logic inside :
32eab2da 2498
2499 my @where = (
2500 -and => [
2501 user => 'nwiger',
48d9f5f8 2502 [
2503 -and => [ workhrs => {'>', 20}, geo => 'ASIA' ],
2504 -or => { workhrs => {'<', 50}, geo => 'EURO' },
32eab2da 2505 ],
2506 ],
2507 );
2508
2509That would yield:
2510
48d9f5f8 2511 WHERE ( user = ? AND (
2512 ( workhrs > ? AND geo = ? )
2513 OR ( workhrs < ? OR geo = ? )
2514 ) )
107b72f1 2515
cc422895 2516=head3 Algebraic inconsistency, for historical reasons
107b72f1 2517
7cac25e6 2518C<Important note>: when connecting several conditions, the C<-and->|C<-or>
2519operator goes C<outside> of the nested structure; whereas when connecting
2520several constraints on one column, the C<-and> operator goes
2521C<inside> the arrayref. Here is an example combining both features :
2522
2523 my @where = (
2524 -and => [a => 1, b => 2],
2525 -or => [c => 3, d => 4],
2526 e => [-and => {-like => 'foo%'}, {-like => '%bar'} ]
2527 )
2528
2529yielding
2530
9d48860e 2531 WHERE ( ( ( a = ? AND b = ? )
2532 OR ( c = ? OR d = ? )
7cac25e6 2533 OR ( e LIKE ? AND e LIKE ? ) ) )
2534
107b72f1 2535This difference in syntax is unfortunate but must be preserved for
2536historical reasons. So be careful : the two examples below would
2537seem algebraically equivalent, but they are not
2538
9d48860e 2539 {col => [-and => {-like => 'foo%'}, {-like => '%bar'}]}
107b72f1 2540 # yields : WHERE ( ( col LIKE ? AND col LIKE ? ) )
2541
9d48860e 2542 [-and => {col => {-like => 'foo%'}, {col => {-like => '%bar'}}]]
107b72f1 2543 # yields : WHERE ( ( col LIKE ? OR col LIKE ? ) )
2544
7cac25e6 2545
cc422895 2546=head2 Literal SQL and value type operators
96449e8e 2547
cc422895 2548The basic premise of SQL::Abstract is that in WHERE specifications the "left
2549side" is a column name and the "right side" is a value (normally rendered as
2550a placeholder). This holds true for both hashrefs and arrayref pairs as you
2551see in the L</WHERE CLAUSES> examples above. Sometimes it is necessary to
2552alter this behavior. There are several ways of doing so.
e9614080 2553
cc422895 2554=head3 -ident
2555
2556This is a virtual operator that signals the string to its right side is an
2557identifier (a column name) and not a value. For example to compare two
2558columns you would write:
32eab2da 2559
e9614080 2560 my %where = (
2561 priority => { '<', 2 },
cc422895 2562 requestor => { -ident => 'submitter' },
e9614080 2563 );
2564
2565which creates:
2566
2567 $stmt = "WHERE priority < ? AND requestor = submitter";
2568 @bind = ('2');
2569
cc422895 2570If you are maintaining legacy code you may see a different construct as
2571described in L</Deprecated usage of Literal SQL>, please use C<-ident> in new
2572code.
2573
2574=head3 -value
e9614080 2575
cc422895 2576This is a virtual operator that signals that the construct to its right side
2577is a value to be passed to DBI. This is for example necessary when you want
2578to write a where clause against an array (for RDBMS that support such
2579datatypes). For example:
e9614080 2580
32eab2da 2581 my %where = (
cc422895 2582 array => { -value => [1, 2, 3] }
32eab2da 2583 );
2584
cc422895 2585will result in:
32eab2da 2586
cc422895 2587 $stmt = 'WHERE array = ?';
2588 @bind = ([1, 2, 3]);
32eab2da 2589
cc422895 2590Note that if you were to simply say:
32eab2da 2591
2592 my %where = (
cc422895 2593 array => [1, 2, 3]
32eab2da 2594 );
2595
3af02ccb 2596the result would probably not be what you wanted:
cc422895 2597
2598 $stmt = 'WHERE array = ? OR array = ? OR array = ?';
2599 @bind = (1, 2, 3);
2600
2601=head3 Literal SQL
96449e8e 2602
cc422895 2603Finally, sometimes only literal SQL will do. To include a random snippet
2604of SQL verbatim, you specify it as a scalar reference. Consider this only
2605as a last resort. Usually there is a better way. For example:
96449e8e 2606
2607 my %where = (
cc422895 2608 priority => { '<', 2 },
2609 requestor => { -in => \'(SELECT name FROM hitmen)' },
96449e8e 2610 );
2611
cc422895 2612Would create:
96449e8e 2613
cc422895 2614 $stmt = "WHERE priority < ? AND requestor IN (SELECT name FROM hitmen)"
2615 @bind = (2);
2616
2617Note that in this example, you only get one bind parameter back, since
2618the verbatim SQL is passed as part of the statement.
2619
2620=head4 CAVEAT
2621
2622 Never use untrusted input as a literal SQL argument - this is a massive
2623 security risk (there is no way to check literal snippets for SQL
2624 injections and other nastyness). If you need to deal with untrusted input
2625 use literal SQL with placeholders as described next.
96449e8e 2626
cc422895 2627=head3 Literal SQL with placeholders and bind values (subqueries)
96449e8e 2628
2629If the literal SQL to be inserted has placeholders and bind values,
2630use a reference to an arrayref (yes this is a double reference --
2631not so common, but perfectly legal Perl). For example, to find a date
2632in Postgres you can use something like this:
2633
2634 my %where = (
2635 date_column => \[q/= date '2008-09-30' - ?::integer/, 10/]
2636 )
2637
2638This would create:
2639
d2a8fe1a 2640 $stmt = "WHERE ( date_column = date '2008-09-30' - ?::integer )"
96449e8e 2641 @bind = ('10');
2642
deb148a2 2643Note that you must pass the bind values in the same format as they are returned
62552e7d 2644by L</where>. That means that if you set L</bindtype> to C<columns>, you must
26f2dca5 2645provide the bind values in the C<< [ column_meta => value ] >> format, where
2646C<column_meta> is an opaque scalar value; most commonly the column name, but
62552e7d 2647you can use any scalar value (including references and blessed references),
2648L<SQL::Abstract> will simply pass it through intact. So if C<bindtype> is set
2649to C<columns> the above example will look like:
deb148a2 2650
2651 my %where = (
2652 date_column => \[q/= date '2008-09-30' - ?::integer/, [ dummy => 10 ]/]
2653 )
96449e8e 2654
2655Literal SQL is especially useful for nesting parenthesized clauses in the
2656main SQL query. Here is a first example :
2657
2658 my ($sub_stmt, @sub_bind) = ("SELECT c1 FROM t1 WHERE c2 < ? AND c3 LIKE ?",
2659 100, "foo%");
2660 my %where = (
2661 foo => 1234,
2662 bar => \["IN ($sub_stmt)" => @sub_bind],
2663 );
2664
2665This yields :
2666
9d48860e 2667 $stmt = "WHERE (foo = ? AND bar IN (SELECT c1 FROM t1
96449e8e 2668 WHERE c2 < ? AND c3 LIKE ?))";
2669 @bind = (1234, 100, "foo%");
2670
9d48860e 2671Other subquery operators, like for example C<"E<gt> ALL"> or C<"NOT IN">,
96449e8e 2672are expressed in the same way. Of course the C<$sub_stmt> and
9d48860e 2673its associated bind values can be generated through a former call
96449e8e 2674to C<select()> :
2675
2676 my ($sub_stmt, @sub_bind)
9d48860e 2677 = $sql->select("t1", "c1", {c2 => {"<" => 100},
96449e8e 2678 c3 => {-like => "foo%"}});
2679 my %where = (
2680 foo => 1234,
2681 bar => \["> ALL ($sub_stmt)" => @sub_bind],
2682 );
2683
2684In the examples above, the subquery was used as an operator on a column;
9d48860e 2685but the same principle also applies for a clause within the main C<%where>
96449e8e 2686hash, like an EXISTS subquery :
2687
9d48860e 2688 my ($sub_stmt, @sub_bind)
96449e8e 2689 = $sql->select("t1", "*", {c1 => 1, c2 => \"> t0.c0"});
48d9f5f8 2690 my %where = ( -and => [
96449e8e 2691 foo => 1234,
48d9f5f8 2692 \["EXISTS ($sub_stmt)" => @sub_bind],
2693 ]);
96449e8e 2694
2695which yields
2696
9d48860e 2697 $stmt = "WHERE (foo = ? AND EXISTS (SELECT * FROM t1
96449e8e 2698 WHERE c1 = ? AND c2 > t0.c0))";
2699 @bind = (1234, 1);
2700
2701
9d48860e 2702Observe that the condition on C<c2> in the subquery refers to
2703column C<t0.c0> of the main query : this is I<not> a bind
2704value, so we have to express it through a scalar ref.
96449e8e 2705Writing C<< c2 => {">" => "t0.c0"} >> would have generated
2706C<< c2 > ? >> with bind value C<"t0.c0"> ... not exactly
2707what we wanted here.
2708
96449e8e 2709Finally, here is an example where a subquery is used
2710for expressing unary negation:
2711
9d48860e 2712 my ($sub_stmt, @sub_bind)
96449e8e 2713 = $sql->where({age => [{"<" => 10}, {">" => 20}]});
2714 $sub_stmt =~ s/^ where //i; # don't want "WHERE" in the subclause
2715 my %where = (
2716 lname => {like => '%son%'},
48d9f5f8 2717 \["NOT ($sub_stmt)" => @sub_bind],
96449e8e 2718 );
2719
2720This yields
2721
2722 $stmt = "lname LIKE ? AND NOT ( age < ? OR age > ? )"
2723 @bind = ('%son%', 10, 20)
2724
cc422895 2725=head3 Deprecated usage of Literal SQL
2726
2727Below are some examples of archaic use of literal SQL. It is shown only as
2728reference for those who deal with legacy code. Each example has a much
2729better, cleaner and safer alternative that users should opt for in new code.
2730
2731=over
2732
2733=item *
2734
2735 my %where = ( requestor => \'IS NOT NULL' )
2736
2737 $stmt = "WHERE requestor IS NOT NULL"
2738
2739This used to be the way of generating NULL comparisons, before the handling
2740of C<undef> got formalized. For new code please use the superior syntax as
2741described in L</Tests for NULL values>.
96449e8e 2742
cc422895 2743=item *
2744
2745 my %where = ( requestor => \'= submitter' )
2746
2747 $stmt = "WHERE requestor = submitter"
2748
2749This used to be the only way to compare columns. Use the superior L</-ident>
2750method for all new code. For example an identifier declared in such a way
2751will be properly quoted if L</quote_char> is properly set, while the legacy
2752form will remain as supplied.
2753
2754=item *
2755
2756 my %where = ( is_ready => \"", completed => { '>', '2012-12-21' } )
2757
2758 $stmt = "WHERE completed > ? AND is_ready"
2759 @bind = ('2012-12-21')
2760
2761Using an empty string literal used to be the only way to express a boolean.
2762For all new code please use the much more readable
2763L<-bool|/Unary operators: bool> operator.
2764
2765=back
96449e8e 2766
2767=head2 Conclusion
2768
32eab2da 2769These pages could go on for a while, since the nesting of the data
2770structures this module can handle are pretty much unlimited (the
2771module implements the C<WHERE> expansion as a recursive function
2772internally). Your best bet is to "play around" with the module a
2773little to see how the data structures behave, and choose the best
2774format for your data based on that.
2775
2776And of course, all the values above will probably be replaced with
2777variables gotten from forms or the command line. After all, if you
2778knew everything ahead of time, you wouldn't have to worry about
2779dynamically-generating SQL and could just hardwire it into your
2780script.
2781
86298391 2782=head1 ORDER BY CLAUSES
2783
9d48860e 2784Some functions take an order by clause. This can either be a scalar (just a
86298391 2785column name,) a hash of C<< { -desc => 'col' } >> or C<< { -asc => 'col' } >>,
1cfa1db3 2786or an array of either of the two previous forms. Examples:
2787
952f9e2d 2788 Given | Will Generate
1cfa1db3 2789 ----------------------------------------------------------
952f9e2d 2790 |
2791 \'colA DESC' | ORDER BY colA DESC
2792 |
2793 'colA' | ORDER BY colA
2794 |
2795 [qw/colA colB/] | ORDER BY colA, colB
2796 |
2797 {-asc => 'colA'} | ORDER BY colA ASC
2798 |
2799 {-desc => 'colB'} | ORDER BY colB DESC
2800 |
2801 ['colA', {-asc => 'colB'}] | ORDER BY colA, colB ASC
2802 |
855e6047 2803 { -asc => [qw/colA colB/] } | ORDER BY colA ASC, colB ASC
952f9e2d 2804 |
2805 [ |
2806 { -asc => 'colA' }, | ORDER BY colA ASC, colB DESC,
2807 { -desc => [qw/colB/], | colC ASC, colD ASC
2808 { -asc => [qw/colC colD/],|
2809 ] |
2810 ===========================================================
86298391 2811
96449e8e 2812
2813
2814=head1 SPECIAL OPERATORS
2815
e3f9dff4 2816 my $sqlmaker = SQL::Abstract->new(special_ops => [
3a2e1a5e 2817 {
2818 regex => qr/.../,
e3f9dff4 2819 handler => sub {
2820 my ($self, $field, $op, $arg) = @_;
2821 ...
3a2e1a5e 2822 },
2823 },
2824 {
2825 regex => qr/.../,
2826 handler => 'method_name',
e3f9dff4 2827 },
2828 ]);
2829
9d48860e 2830A "special operator" is a SQL syntactic clause that can be
e3f9dff4 2831applied to a field, instead of a usual binary operator.
9d48860e 2832For example :
e3f9dff4 2833
2834 WHERE field IN (?, ?, ?)
2835 WHERE field BETWEEN ? AND ?
2836 WHERE MATCH(field) AGAINST (?, ?)
96449e8e 2837
e3f9dff4 2838Special operators IN and BETWEEN are fairly standard and therefore
3a2e1a5e 2839are builtin within C<SQL::Abstract> (as the overridable methods
2840C<_where_field_IN> and C<_where_field_BETWEEN>). For other operators,
2841like the MATCH .. AGAINST example above which is specific to MySQL,
2842you can write your own operator handlers - supply a C<special_ops>
2843argument to the C<new> method. That argument takes an arrayref of
2844operator definitions; each operator definition is a hashref with two
2845entries:
96449e8e 2846
e3f9dff4 2847=over
2848
2849=item regex
2850
2851the regular expression to match the operator
96449e8e 2852
e3f9dff4 2853=item handler
2854
3a2e1a5e 2855Either a coderef or a plain scalar method name. In both cases
2856the expected return is C<< ($sql, @bind) >>.
2857
2858When supplied with a method name, it is simply called on the
2859L<SQL::Abstract/> object as:
2860
2861 $self->$method_name ($field, $op, $arg)
2862
2863 Where:
2864
2865 $op is the part that matched the handler regex
2866 $field is the LHS of the operator
2867 $arg is the RHS
2868
2869When supplied with a coderef, it is called as:
2870
2871 $coderef->($self, $field, $op, $arg)
2872
e3f9dff4 2873
2874=back
2875
9d48860e 2876For example, here is an implementation
e3f9dff4 2877of the MATCH .. AGAINST syntax for MySQL
2878
2879 my $sqlmaker = SQL::Abstract->new(special_ops => [
9d48860e 2880
e3f9dff4 2881 # special op for MySql MATCH (field) AGAINST(word1, word2, ...)
9d48860e 2882 {regex => qr/^match$/i,
e3f9dff4 2883 handler => sub {
2884 my ($self, $field, $op, $arg) = @_;
2885 $arg = [$arg] if not ref $arg;
2886 my $label = $self->_quote($field);
2887 my ($placeholder) = $self->_convert('?');
2888 my $placeholders = join ", ", (($placeholder) x @$arg);
2889 my $sql = $self->_sqlcase('match') . " ($label) "
2890 . $self->_sqlcase('against') . " ($placeholders) ";
2891 my @bind = $self->_bindtype($field, @$arg);
2892 return ($sql, @bind);
2893 }
2894 },
9d48860e 2895
e3f9dff4 2896 ]);
96449e8e 2897
2898
59f23b3d 2899=head1 UNARY OPERATORS
2900
112b5232 2901 my $sqlmaker = SQL::Abstract->new(unary_ops => [
59f23b3d 2902 {
2903 regex => qr/.../,
2904 handler => sub {
2905 my ($self, $op, $arg) = @_;
2906 ...
2907 },
2908 },
2909 {
2910 regex => qr/.../,
2911 handler => 'method_name',
2912 },
2913 ]);
2914
9d48860e 2915A "unary operator" is a SQL syntactic clause that can be
59f23b3d 2916applied to a field - the operator goes before the field
2917
2918You can write your own operator handlers - supply a C<unary_ops>
2919argument to the C<new> method. That argument takes an arrayref of
2920operator definitions; each operator definition is a hashref with two
2921entries:
2922
2923=over
2924
2925=item regex
2926
2927the regular expression to match the operator
2928
2929=item handler
2930
2931Either a coderef or a plain scalar method name. In both cases
2932the expected return is C<< $sql >>.
2933
2934When supplied with a method name, it is simply called on the
2935L<SQL::Abstract/> object as:
2936
2937 $self->$method_name ($op, $arg)
2938
2939 Where:
2940
2941 $op is the part that matched the handler regex
2942 $arg is the RHS or argument of the operator
2943
2944When supplied with a coderef, it is called as:
2945
2946 $coderef->($self, $op, $arg)
2947
2948
2949=back
2950
2951
32eab2da 2952=head1 PERFORMANCE
2953
2954Thanks to some benchmarking by Mark Stosberg, it turns out that
2955this module is many orders of magnitude faster than using C<DBIx::Abstract>.
2956I must admit this wasn't an intentional design issue, but it's a
2957byproduct of the fact that you get to control your C<DBI> handles
2958yourself.
2959
2960To maximize performance, use a code snippet like the following:
2961
2962 # prepare a statement handle using the first row
2963 # and then reuse it for the rest of the rows
2964 my($sth, $stmt);
2965 for my $href (@array_of_hashrefs) {
2966 $stmt ||= $sql->insert('table', $href);
2967 $sth ||= $dbh->prepare($stmt);
2968 $sth->execute($sql->values($href));
2969 }
2970
2971The reason this works is because the keys in your C<$href> are sorted
2972internally by B<SQL::Abstract>. Thus, as long as your data retains
2973the same structure, you only have to generate the SQL the first time
2974around. On subsequent queries, simply use the C<values> function provided
2975by this module to return your values in the correct order.
2976
b864ba9b 2977However this depends on the values having the same type - if, for
2978example, the values of a where clause may either have values
2979(resulting in sql of the form C<column = ?> with a single bind
2980value), or alternatively the values might be C<undef> (resulting in
2981sql of the form C<column IS NULL> with no bind value) then the
2982caching technique suggested will not work.
96449e8e 2983
32eab2da 2984=head1 FORMBUILDER
2985
2986If you use my C<CGI::FormBuilder> module at all, you'll hopefully
2987really like this part (I do, at least). Building up a complex query
2988can be as simple as the following:
2989
2990 #!/usr/bin/perl
2991
46dc2f3e 2992 use warnings;
2993 use strict;
2994
32eab2da 2995 use CGI::FormBuilder;
2996 use SQL::Abstract;
2997
2998 my $form = CGI::FormBuilder->new(...);
2999 my $sql = SQL::Abstract->new;
3000
3001 if ($form->submitted) {
3002 my $field = $form->field;
3003 my $id = delete $field->{id};
3004 my($stmt, @bind) = $sql->update('table', $field, {id => $id});
3005 }
3006
3007Of course, you would still have to connect using C<DBI> to run the
3008query, but the point is that if you make your form look like your
3009table, the actual query script can be extremely simplistic.
3010
3011If you're B<REALLY> lazy (I am), check out C<HTML::QuickTable> for
9d48860e 3012a fast interface to returning and formatting data. I frequently
32eab2da 3013use these three modules together to write complex database query
3014apps in under 50 lines.
3015
d8cc1792 3016=head1 REPO
3017
3018=over
3019
6d19fbf9 3020=item * gitweb: L<http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=dbsrgits/SQL-Abstract.git>
d8cc1792 3021
6d19fbf9 3022=item * git: L<git://git.shadowcat.co.uk/dbsrgits/SQL-Abstract.git>
d8cc1792 3023
3024=back
32eab2da 3025
96449e8e 3026=head1 CHANGES
3027
3028Version 1.50 was a major internal refactoring of C<SQL::Abstract>.
3029Great care has been taken to preserve the I<published> behavior
3030documented in previous versions in the 1.* family; however,
9d48860e 3031some features that were previously undocumented, or behaved
96449e8e 3032differently from the documentation, had to be changed in order
3033to clarify the semantics. Hence, client code that was relying
9d48860e 3034on some dark areas of C<SQL::Abstract> v1.*
96449e8e 3035B<might behave differently> in v1.50.
32eab2da 3036
d2a8fe1a 3037The main changes are :
3038
96449e8e 3039=over
32eab2da 3040
9d48860e 3041=item *
32eab2da 3042
96449e8e 3043support for literal SQL through the C<< \ [$sql, bind] >> syntax.
3044
3045=item *
3046
145fbfc8 3047support for the { operator => \"..." } construct (to embed literal SQL)
3048
3049=item *
3050
9c37b9c0 3051support for the { operator => \["...", @bind] } construct (to embed literal SQL with bind values)
3052
3053=item *
3054
96449e8e 3055optional support for L<array datatypes|/"Inserting and Updating Arrays">
3056
9d48860e 3057=item *
96449e8e 3058
3059defensive programming : check arguments
3060
3061=item *
3062
3063fixed bug with global logic, which was previously implemented
7cac25e6 3064through global variables yielding side-effects. Prior versions would
96449e8e 3065interpret C<< [ {cond1, cond2}, [cond3, cond4] ] >>
3066as C<< "(cond1 AND cond2) OR (cond3 AND cond4)" >>.
3067Now this is interpreted
3068as C<< "(cond1 AND cond2) OR (cond3 OR cond4)" >>.
3069
96449e8e 3070
3071=item *
3072
3073fixed semantics of _bindtype on array args
3074
9d48860e 3075=item *
96449e8e 3076
3077dropped the C<_anoncopy> of the %where tree. No longer necessary,
3078we just avoid shifting arrays within that tree.
3079
3080=item *
3081
3082dropped the C<_modlogic> function
3083
3084=back
32eab2da 3085
32eab2da 3086=head1 ACKNOWLEDGEMENTS
3087
3088There are a number of individuals that have really helped out with
3089this module. Unfortunately, most of them submitted bugs via CPAN
3090so I have no idea who they are! But the people I do know are:
3091
9d48860e 3092 Ash Berlin (order_by hash term support)
b643abe1 3093 Matt Trout (DBIx::Class support)
32eab2da 3094 Mark Stosberg (benchmarking)
3095 Chas Owens (initial "IN" operator support)
3096 Philip Collins (per-field SQL functions)
3097 Eric Kolve (hashref "AND" support)
3098 Mike Fragassi (enhancements to "BETWEEN" and "LIKE")
3099 Dan Kubb (support for "quote_char" and "name_sep")
f5aab26e 3100 Guillermo Roditi (patch to cleanup "IN" and "BETWEEN", fix and tests for _order_by)
48d9f5f8 3101 Laurent Dami (internal refactoring, extensible list of special operators, literal SQL)
dbdf7648 3102 Norbert Buchmuller (support for literal SQL in hashpair, misc. fixes & tests)
e96c510a 3103 Peter Rabbitson (rewrite of SQLA::Test, misc. fixes & tests)
02288357 3104 Oliver Charles (support for "RETURNING" after "INSERT")
32eab2da 3105
3106Thanks!
3107
32eab2da 3108=head1 SEE ALSO
3109
86298391 3110L<DBIx::Class>, L<DBIx::Abstract>, L<CGI::FormBuilder>, L<HTML::QuickTable>.
32eab2da 3111
32eab2da 3112=head1 AUTHOR
3113
b643abe1 3114Copyright (c) 2001-2007 Nathan Wiger <nwiger@cpan.org>. All Rights Reserved.
3115
3116This module is actively maintained by Matt Trout <mst@shadowcatsystems.co.uk>
32eab2da 3117
abe72f94 3118For support, your best bet is to try the C<DBIx::Class> users mailing list.
3119While not an official support venue, C<DBIx::Class> makes heavy use of
3120C<SQL::Abstract>, and as such list members there are very familiar with
3121how to create queries.
3122
0d067ded 3123=head1 LICENSE
3124
d988ab87 3125This module is free software; you may copy this under the same
3126terms as perl itself (either the GNU General Public License or
3127the Artistic License)
32eab2da 3128
3129=cut
3130
Unnamed repository; edit this file 'description' to name the repository.