1 package DBIx::Class::Storage::DBI::NoBindVars;
6 use base 'DBIx::Class::Storage::DBI';
8 use Carp::Clan qw/^DBIx::Class/;
12 DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
16 This class allows queries to work when the DBD or underlying library does not
17 support the usual C<?> placeholders, or at least doesn't support them very
18 well, as is the case with L<DBD::Sybase>
24 We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
30 my $retval = $self->next::method(@_);
31 $self->disable_sth_caching(1);
35 =head2 _prep_for_execute
37 Manually subs in the values for the usual C<?> placeholders.
41 sub _prep_for_execute {
44 my ($op, $extra_bind, $ident, $args) = @_;
46 my ($sql, $bind) = $self->next::method(@_);
48 # stringify args, quote via $dbh, and manually insert
50 my @sql_part = split /\?/, $sql;
53 my $result_sources = {};
55 foreach my $bound (@$bind) {
56 my $col = shift @$bound;
58 my $name_sep = $self->_sql_maker_opts->{name_sep} || '.';
60 $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//;
61 my $alias = $1 || 'me';
63 $result_sources->{$alias} ||=
64 $self->_resolve_ident_sources($ident)->{$alias};
65 my $rsrc = $result_sources->{$alias};
67 my $datatype = $rsrc->column_info($col)->{data_type};
69 foreach my $data (@$bound) {
73 $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
74 $new_sql .= shift(@sql_part) . $data;
77 $new_sql .= join '', @sql_part;
79 return ($new_sql, []);
82 =head2 should_quote_data_type
84 This method is called by L</_prep_for_execute> for every column in
85 order to determine if its value should be quoted or not. The arguments
86 are the current column data type and the actual bind value. The return
87 value is interpreted as: true - do quote, false - do not quote. You should
88 override this in you Storage::DBI::<database> subclass, if your RDBMS
89 does not like quotes around certain datatypes (e.g. Sybase and integer
90 columns). The default method always returns true (do quote).
94 Always validate that the bind-value is valid for the current datatype.
95 Otherwise you may very well open the door to SQL injection attacks.
99 sub should_quote_data_type { 1 }
103 Brandon Black <blblack@gmail.com>
105 Trym Skaar <trym@tryms.no>
109 You may distribute this code under the same terms as Perl itself.