1 package SQL::Abstract; # see doc at end of file
3 # LDNOTE : this code is heavy refactoring from original SQLA.
4 # Several design decisions will need discussion during
5 # the test / diffusion / acceptance phase; those are marked with flag
6 # 'LDNOTE' (note by laurent.dami AT free.fr)
11 use Data::Query::Constants qw(
12 DQ_IDENTIFIER DQ_OPERATOR DQ_VALUE DQ_LITERAL DQ_JOIN DQ_SELECT DQ_ORDER
13 DQ_WHERE DQ_DELETE DQ_UPDATE DQ_INSERT
15 use Data::Query::ExprHelpers qw(perl_scalar_value);
18 #======================================================================
20 #======================================================================
22 our $VERSION = '1.72';
24 # This would confuse some packagers
25 $VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
29 #======================================================================
30 # DEBUGGING AND ERROR REPORTING
31 #======================================================================
34 return unless $_[0]->{debug}; shift; # a little faster
35 my $func = (caller(1))[3];
36 warn "[$func] ", @_, "\n";
40 my($func) = (caller(1))[3];
41 Carp::carp "[$func] Warning: ", @_;
45 my($func) = (caller(1))[3];
46 Carp::croak "[$func] Fatal: ", @_;
50 #======================================================================
52 #======================================================================
55 is => 'ro', coerce => sub { $_[0] eq 'lower' ? 'lower' : undef }
59 is => 'ro', coerce => sub { uc($_[0]) }, default => sub { 'OR' }
63 is => 'ro', default => sub { 'normal' }
66 has cmp => (is => 'ro', default => sub { '=' });
69 # try to recognize which are the 'equality' and 'unequality' ops
70 # (temporary quickfix, should go through a more seasoned API)
73 is => 'ro', lazy => 1,
74 default => sub { qr/^(\Q${\$_[0]->cmp}\E|is|(is\s+)?like)$/i }
77 has inequality_op => (
79 default => sub { qr/^(!=|<>|(is\s+)?not(\s+like)?)$/i }
83 has sqltrue => (is => 'ro', default => sub { '1=1' });
84 has sqlfalse => (is => 'ro', default => sub { '0=1' });
86 has special_ops => (is => 'ro', default => sub { [] });
87 has unary_ops => (is => 'ro', default => sub { [] });
89 # rudimentary saniy-check for user supplied bits treated as functions/operators
90 # If a purported function matches this regular expression, an exception is thrown.
91 # Literal SQL is *NOT* subject to this check, only functions (and column names
92 # when quoting is not in effect)
95 # need to guard against ()'s in column names too, but this will break tons of
96 # hacks... ideas anyone?
98 has injection_guard => (
109 has renderer => (is => 'lazy');
111 has name_sep => (is => 'ro', default => sub { '.' });
113 has quote_char => (is => 'ro');
115 has always_quote => (is => 'ro', default => sub { 1 });
117 has convert => (is => 'ro');
119 has array_datatypes => (is => 'ro');
121 sub _build_renderer {
123 require Data::Query::Renderer::SQL::Naive;
125 for ($self->quote_char) {
126 $chars = defined() ? (ref() ? $_ : [$_]) : ['',''];
128 Data::Query::Renderer::SQL::Naive->new({
129 quote_chars => $chars, always_quote => $self->always_quote,
130 identifier_sep => $self->name_sep,
131 ($self->case ? (lc_keywords => 1) : ()), # always 'lower' if it exists
136 my ($self, $dq) = @_;
140 my ($sql, @bind) = @{$self->renderer->render($dq)};
142 ($self->{bindtype} eq 'normal'
143 ? ($sql, map $_->{value}, @bind)
144 : ($sql, map [ $_->{value_meta}, $_->{value} ], @bind)
150 my ($self, $type, @args) = @_;
151 $self->_render_dq($self->${\"_${type}_to_dq"}(@args));
155 my ($self, $literal) = @_;
157 ($literal, @bind) = @$literal if ref($literal) eq 'ARRAY';
162 (@bind ? (values => [ $self->_bind_to_dq(@bind) ]) : ()),
167 my ($self, @bind) = @_;
169 $self->{bindtype} eq 'normal'
170 ? map perl_scalar_value($_), @bind
172 $self->_assert_bindval_matches_bindtype(@bind);
173 map perl_scalar_value(reverse @$_), @bind
178 my ($self, $value) = @_;
179 $self->_maybe_convert_dq(perl_scalar_value($value, our $Cur_Col_Meta));
183 my ($self, $ident) = @_;
184 $self->_assert_pass_injection_guard($ident)
185 unless $self->renderer->quote_chars->[0] && $self->renderer->always_quote;
186 $self->_maybe_convert_dq({
187 type => DQ_IDENTIFIER,
188 elements => [ split /\Q${\$self->renderer->identifier_sep}/, $ident ],
192 sub _maybe_convert_dq {
193 my ($self, $dq) = @_;
194 if (my $c = $self->{where_convert}) {
197 operator => { 'SQL.Naive' => 'apply' },
199 { type => DQ_IDENTIFIER, elements => [ $self->_sqlcase($c) ] },
209 my ($self, $op, @args) = @_;
210 $self->_assert_pass_injection_guard($op);
213 operator => { 'SQL.Naive' => $op },
218 sub _assert_pass_injection_guard {
219 if ($_[1] =~ $_[0]->{injection_guard}) {
220 my $class = ref $_[0];
221 puke "Possible SQL injection attempt '$_[1]'. If this is indeed a part of the "
222 . "desired SQL use literal SQL ( \'...' or \[ '...' ] ) or supply your own "
223 . "{injection_guard} attribute to ${class}->new()"
228 #======================================================================
230 #======================================================================
232 sub insert { shift->_render_sqla(insert => @_) }
235 my ($self, $table, $data, $options) = @_;
236 my (@names, @values);
237 if (ref($data) eq 'HASH') {
238 @names = sort keys %$data;
239 foreach my $k (@names) {
240 local our $Cur_Col_Meta = $k;
241 push @values, $self->_mutation_rhs_to_dq($data->{$k});
243 } elsif (ref($data) eq 'ARRAY') {
244 local our $Cur_Col_Meta;
245 @values = map $self->_mutation_rhs_to_dq($_), @$data;
247 die "Not handled yet";
250 if (my $r_source = $options->{returning}) {
252 map +(ref($_) ? $self->_expr_to_dq($_) : $self->_ident_to_dq($_)),
253 (ref($r_source) eq 'ARRAY' ? @$r_source : $r_source),
258 target => $self->_table_to_dq($table),
259 (@names ? (names => [ map $self->_ident_to_dq($_), @names ]) : ()),
260 values => [ \@values ],
261 ($returning ? (returning => $returning) : ()),
265 sub _mutation_rhs_to_dq {
267 if (ref($v) eq 'ARRAY') {
268 if ($self->{array_datatypes}) {
269 return $self->_value_to_dq($v);
271 $v = \do { my $x = $v };
273 if (ref($v) eq 'HASH') {
274 my ($op, $arg, @rest) = %$v;
276 puke 'Operator calls in update/insert must be in the form { -op => $arg }'
277 if (@rest or not $op =~ /^\-(.+)/);
279 return $self->_expr_to_dq($v);
282 #======================================================================
284 #======================================================================
287 sub update { shift->_render_sqla(update => @_) }
290 my ($self, $table, $data, $where) = @_;
292 puke "Unsupported data type specified to \$sql->update"
293 unless ref $data eq 'HASH';
297 foreach my $k (sort keys %$data) {
299 local our $Cur_Col_Meta = $k;
300 push @set, [ $self->_ident_to_dq($k), $self->_mutation_rhs_to_dq($v) ];
305 target => $self->_table_to_dq($table),
307 where => $self->_where_to_dq($where),
312 #======================================================================
314 #======================================================================
317 my ($self, $table, $where) = @_;
319 my $source_dq = $self->_table_to_dq($table);
321 if (my $where_dq = $self->_where_to_dq($where)) {
332 sub select { shift->_render_sqla(select => @_) }
335 my ($self, $table, $fields, $where, $order) = @_;
338 my $source_dq = $self->_source_to_dq($table, $where);
343 map $self->_ident_to_dq($_),
344 ref($fields) eq 'ARRAY' ? @$fields : $fields
350 $final_dq = $self->_order_by_to_dq($order, undef, $final_dq);
356 #======================================================================
358 #======================================================================
361 sub delete { shift->_render_sqla(delete => @_) }
364 my ($self, $table, $where) = @_;
367 target => $self->_table_to_dq($table),
368 where => $self->_where_to_dq($where),
373 #======================================================================
375 #======================================================================
379 # Finally, a separate routine just to handle WHERE clauses
381 my ($self, $where, $order) = @_;
387 ($sql, @bind) = $self->_recurse_where($where) if defined($where);
388 $sql = $sql ? $self->_sqlcase(' where ') . "( $sql )" : '';
392 $sql .= $self->_order_by($order);
395 return wantarray ? ($sql, @bind) : $sql;
398 sub _recurse_where { shift->_render_sqla(where => @_) }
401 my ($self, $where, $logic) = @_;
403 return undef unless defined($where);
405 # turn the convert misfeature on - only used in WHERE clauses
406 local $self->{where_convert} = $self->{convert};
408 return $self->_expr_to_dq($where, $logic);
412 my ($self, $where, $logic) = @_;
414 if (ref($where) eq 'ARRAY') {
415 return $self->_expr_to_dq_ARRAYREF($where, $logic);
416 } elsif (ref($where) eq 'HASH') {
417 return $self->_expr_to_dq_HASHREF($where, $logic);
419 ref($where) eq 'SCALAR'
420 or (ref($where) eq 'REF' and ref($$where) eq 'ARRAY')
422 return $self->_literal_to_dq($$where);
423 } elsif (!ref($where) or Scalar::Util::blessed($where)) {
424 return $self->_value_to_dq($where);
426 die "Can't handle $where";
429 sub _expr_to_dq_ARRAYREF {
430 my ($self, $where, $logic) = @_;
432 $logic = uc($logic || $self->{logic} || 'OR');
433 $logic eq 'AND' or $logic eq 'OR' or puke "unknown logic: $logic";
435 return unless @$where;
437 my ($first, @rest) = @$where;
439 return $self->_expr_to_dq($first) unless @rest;
443 $self->_where_hashpair_to_dq($first => shift(@rest));
445 $self->_expr_to_dq($first);
449 return $self->_expr_to_dq_ARRAYREF(\@rest, $logic) unless $first_dq;
452 $logic, $first_dq, $self->_expr_to_dq_ARRAYREF(\@rest, $logic)
456 sub _expr_to_dq_HASHREF {
457 my ($self, $where, $logic) = @_;
459 $logic = uc($logic) if $logic;
462 $self->_where_hashpair_to_dq($_ => $where->{$_}, $logic)
465 return $dq[0] unless @dq > 1;
467 my $final = pop(@dq);
469 foreach my $dq (reverse @dq) {
470 $final = $self->_op_to_dq($logic||'AND', $dq, $final);
476 sub _where_to_dq_SCALAR {
477 shift->_value_to_dq(@_);
481 my ($self, $op, $v) = @_;
482 my @args = map $self->_expr_to_dq($_), (ref($v) eq 'ARRAY' ? @$v : $v);
484 # Ok. Welcome to stupid compat code land. An SQLA expr that would in the
485 # absence of this piece of crazy render to:
491 # { -a => { -b => { -c => $x } } }
493 # actually needs to render to:
497 # because SQL sucks, and databases are hateful, and SQLA is Just That DWIM.
499 # However, we don't want to catch 'A(x)' and turn it into 'A x'
501 # So the way we deal with this is to go through all our arguments, and
502 # then if the argument is -also- an apply, i.e. at least 'B', we check
503 # its arguments - and if there's only one of them, and that isn't an apply,
504 # then we convert to the bareword form. The end result should be:
507 # A( B( x ) ) -> A( B x )
508 # A( B( C( x ) ) ) -> A( B( C x ) )
509 # A( B( x + y ) ) -> A( B( x + y ) )
510 # A( B( x, y ) ) -> A( B( x, y ) )
512 # If this turns out not to be quite right, please add additional tests
513 # to either 01generate.t or 02where.t *and* update this comment.
515 foreach my $arg (@args) {
517 $arg->{type} eq DQ_OPERATOR and $arg->{operator}{'SQL.Naive'} eq 'apply'
518 and @{$arg->{args}} == 2 and $arg->{args}[1]{type} ne DQ_OPERATOR
520 $arg->{operator}{'SQL.Naive'} = (shift @{$arg->{args}})->{elements}->[0];
523 $self->_assert_pass_injection_guard($op);
524 return $self->_op_to_dq(
525 apply => $self->_ident_to_dq($op), @args
529 sub _where_hashpair_to_dq {
530 my ($self, $k, $v, $logic) = @_;
532 if ($k =~ /^-(.*)/s) {
534 if ($op eq 'AND' or $op eq 'OR') {
535 return $self->_expr_to_dq($v, $op);
536 } elsif ($op eq 'NEST') {
537 return $self->_expr_to_dq($v);
538 } elsif ($op eq 'NOT') {
539 return $self->_op_to_dq(NOT => $self->_expr_to_dq($v));
540 } elsif ($op eq 'BOOL') {
541 return ref($v) ? $self->_expr_to_dq($v) : $self->_ident_to_dq($v);
542 } elsif ($op eq 'NOT_BOOL') {
543 return $self->_op_to_dq(
544 NOT => ref($v) ? $self->_expr_to_dq($v) : $self->_ident_to_dq($v)
546 } elsif ($op eq 'IDENT') {
547 return $self->_ident_to_dq($v);
548 } elsif ($op eq 'VALUE') {
549 return $self->_value_to_dq($v);
550 } elsif ($op =~ /^(?:AND|OR|NEST)_?\d+/) {
551 die "Use of [and|or|nest]_N modifiers is no longer supported";
553 return $self->_apply_to_dq($op, $v);
556 local our $Cur_Col_Meta = $k;
557 if (ref($v) eq 'ARRAY') {
559 return $self->_literal_to_dq($self->{sqlfalse});
560 } elsif (defined($v->[0]) && $v->[0] =~ /-(and|or)/i) {
561 return $self->_expr_to_dq_ARRAYREF([
562 map +{ $k => $_ }, @{$v}[1..$#$v]
565 return $self->_expr_to_dq_ARRAYREF([
566 map +{ $k => $_ }, @$v
568 } elsif (ref($v) eq 'SCALAR' or (ref($v) eq 'REF' and ref($$v) eq 'ARRAY')) {
572 parts => [ $self->_ident_to_dq($k), $self->_literal_to_dq($$v) ]
575 my ($op, $rhs) = do {
576 if (ref($v) eq 'HASH') {
578 return $self->_expr_to_dq_ARRAYREF([
579 map +{ $k => { $_ => $v->{$_} } }, sort keys %$v
582 my ($op, $value) = %$v;
583 s/^-//, s/_/ /g for $op;
584 if ($op =~ /^(and|or)$/i) {
585 return $self->_expr_to_dq({ $k => $value }, $op);
587 my $special_op = List::Util::first {$op =~ $_->{regex}}
588 @{$self->{special_ops}}
590 return $self->_literal_to_dq(
591 [ $self->${\$special_op->{handler}}($k, $op, $value) ]
593 } elsif ($op =~ /^(?:AND|OR|NEST)_?\d+$/i) {
594 die "Use of [and|or|nest]_N modifiers is no longer supported";
601 if ($op eq 'BETWEEN' or $op eq 'IN' or $op eq 'NOT IN' or $op eq 'NOT BETWEEN') {
602 if (ref($rhs) ne 'ARRAY') {
604 # have to add parens if none present because -in => \"SELECT ..."
605 # got documented. mst hates everything.
606 if (ref($rhs) eq 'SCALAR') {
608 1 while ($x =~ s/\A\s*\((.*)\)\s*\Z/$1/s);
611 my ($x, @rest) = @{$$rhs};
612 1 while ($x =~ s/\A\s*\((.*)\)\s*\Z/$1/s);
613 $rhs = \[ $x, @rest ];
616 return $self->_op_to_dq(
617 $op, $self->_ident_to_dq($k), $self->_literal_to_dq($$rhs)
620 return $self->_literal_to_dq($self->{sqlfalse}) unless @$rhs;
621 return $self->_op_to_dq(
622 $op, $self->_ident_to_dq($k), map $self->_expr_to_dq($_), @$rhs
624 } elsif ($op =~ s/^NOT (?!LIKE)//) {
625 return $self->_where_hashpair_to_dq(-not => { $k => { $op => $rhs } });
626 } elsif ($op eq 'IDENT') {
627 return $self->_op_to_dq(
628 $self->{cmp}, $self->_ident_to_dq($k), $self->_ident_to_dq($rhs)
630 } elsif ($op eq 'VALUE') {
631 return $self->_op_to_dq(
632 $self->{cmp}, $self->_ident_to_dq($k), $self->_value_to_dq($rhs)
634 } elsif (!defined($rhs)) {
636 if ($op eq '=' or $op eq 'LIKE') {
638 } elsif ($op eq '!=') {
641 die "Can't do undef -> NULL transform for operator ${op}";
644 return $self->_op_to_dq($null_op, $self->_ident_to_dq($k));
646 if (ref($rhs) eq 'ARRAY') {
648 return $self->_literal_to_dq(
649 $op eq '!=' ? $self->{sqltrue} : $self->{sqlfalse}
651 } elsif (defined($rhs->[0]) and $rhs->[0] =~ /^-(and|or)$/i) {
652 return $self->_expr_to_dq_ARRAYREF([
653 map +{ $k => { $op => $_ } }, @{$rhs}[1..$#$rhs]
655 } elsif ($op =~ /^-(?:AND|OR|NEST)_?\d+/) {
656 die "Use of [and|or|nest]_N modifiers is no longer supported";
658 return $self->_expr_to_dq_ARRAYREF([
659 map +{ $k => { $op => $_ } }, @$rhs
662 return $self->_op_to_dq(
663 $op, $self->_ident_to_dq($k), $self->_expr_to_dq($rhs)
668 #======================================================================
670 #======================================================================
673 my ($self, $arg) = @_;
674 if (my $dq = $self->_order_by_to_dq($arg)) {
675 # SQLA generates ' ORDER BY foo'. The hilarity.
677 ? do { my @r = $self->_render_dq($dq); $r[0] = ' '.$r[0]; @r }
678 : ' '.$self->_render_dq($dq);
684 sub _order_by_to_dq {
685 my ($self, $arg, $dir, $from) = @_;
691 ($dir ? (direction => $dir) : ()),
692 ($from ? (from => $from) : ()),
696 $dq->{by} = $self->_ident_to_dq($arg);
697 } elsif (ref($arg) eq 'ARRAY') {
699 local our $Order_Inner unless our $Order_Recursing;
700 local $Order_Recursing = 1;
702 foreach my $member (@$arg) {
704 my $next = $self->_order_by_to_dq($member, $dir, $from);
706 $inner->{from} = $next if $inner;
707 $inner = $Order_Inner || $next;
709 $Order_Inner = $inner;
711 } elsif (ref($arg) eq 'REF' and ref($$arg) eq 'ARRAY') {
712 $dq->{by} = $self->_literal_to_dq($$arg);
713 } elsif (ref($arg) eq 'SCALAR') {
714 $dq->{by} = $self->_literal_to_dq($$arg);
715 } elsif (ref($arg) eq 'HASH') {
716 my ($key, $val, @rest) = %$arg;
720 if (@rest or not $key =~ /^-(desc|asc)/i) {
721 puke "hash passed to _order_by must have exactly one key (-desc or -asc)";
724 return $self->_order_by_to_dq($val, $dir, $from);
726 die "Can't handle $arg in _order_by_to_dq";
731 #======================================================================
732 # DATASOURCE (FOR NOW, JUST PLAIN TABLE OR LIST OF TABLES)
733 #======================================================================
735 sub _table { shift->_render_sqla(table => @_) }
738 my ($self, $from) = @_;
739 if (ref($from) eq 'ARRAY') {
740 die "Empty FROM list" unless my @f = @$from;
741 my $dq = $self->_table_to_dq(shift @f);
742 while (my $x = shift @f) {
745 join => [ $dq, $self->_table_to_dq($x) ]
749 } elsif (ref($from) eq 'SCALAR') {
756 $self->_ident_to_dq($from);
761 #======================================================================
763 #======================================================================
765 # highly optimized, as it's called way too often
767 # my ($self, $label) = @_;
769 return '' unless defined $_[1];
770 return ${$_[1]} if ref($_[1]) eq 'SCALAR';
772 unless ($_[0]->{quote_char}) {
773 $_[0]->_assert_pass_injection_guard($_[1]);
777 my $qref = ref $_[0]->{quote_char};
780 ($l, $r) = ( $_[0]->{quote_char}, $_[0]->{quote_char} );
782 elsif ($qref eq 'ARRAY') {
783 ($l, $r) = @{$_[0]->{quote_char}};
786 puke "Unsupported quote_char format: $_[0]->{quote_char}";
789 # parts containing * are naturally unquoted
790 return join( $_[0]->{name_sep}||'', map
791 { $_ eq '*' ? $_ : $l . $_ . $r }
792 ( $_[0]->{name_sep} ? split (/\Q$_[0]->{name_sep}\E/, $_[1] ) : $_[1] )
797 # Conversion, if applicable
799 #my ($self, $arg) = @_;
801 # LDNOTE : modified the previous implementation below because
802 # it was not consistent : the first "return" is always an array,
803 # the second "return" is context-dependent. Anyway, _convert
804 # seems always used with just a single argument, so make it a
806 # return @_ unless $self->{convert};
807 # my $conv = $self->_sqlcase($self->{convert});
808 # my @ret = map { $conv.'('.$_.')' } @_;
809 # return wantarray ? @ret : $ret[0];
810 if ($_[0]->{convert}) {
811 return $_[0]->_sqlcase($_[0]->{convert}) .'(' . $_[1] . ')';
818 #my ($self, $col, @vals) = @_;
820 #LDNOTE : changed original implementation below because it did not make
821 # sense when bindtype eq 'columns' and @vals > 1.
822 # return $self->{bindtype} eq 'columns' ? [ $col, @vals ] : @vals;
824 # called often - tighten code
825 return $_[0]->{bindtype} eq 'columns'
826 ? map {[$_[1], $_]} @_[2 .. $#_]
831 # Dies if any element of @bind is not in [colname => value] format
832 # if bindtype is 'columns'.
833 sub _assert_bindval_matches_bindtype {
834 # my ($self, @bind) = @_;
836 if ($self->{bindtype} eq 'columns') {
838 if (!defined $_ || ref($_) ne 'ARRAY' || @$_ != 2) {
839 puke "bindtype 'columns' selected, you need to pass: [column_name => bind_value]"
845 # Fix SQL case, if so requested
847 # LDNOTE: if $self->{case} is true, then it contains 'lower', so we
848 # don't touch the argument ... crooked logic, but let's not change it!
849 return $_[0]->{case} ? $_[1] : uc($_[1]);
852 #======================================================================
853 # VALUES, GENERATE, AUTOLOAD
854 #======================================================================
856 # LDNOTE: original code from nwiger, didn't touch code in that section
857 # I feel the AUTOLOAD stuff should not be the default, it should
858 # only be activated on explicit demand by user.
862 my $data = shift || return;
863 puke "Argument to ", __PACKAGE__, "->values must be a \\%hash"
864 unless ref $data eq 'HASH';
867 foreach my $k ( sort keys %$data ) {
869 local our $Cur_Col_Meta = $k;
870 my ($sql, @bind) = $self->_render_sqla(
873 push @all_bind, @bind;
882 my(@sql, @sqlq, @sqlv);
886 if ($ref eq 'HASH') {
887 for my $k (sort keys %$_) {
890 my $label = $self->_quote($k);
892 # literal SQL with bind
893 my ($sql, @bind) = @$v;
894 $self->_assert_bindval_matches_bindtype(@bind);
895 push @sqlq, "$label = $sql";
897 } elsif ($r eq 'SCALAR') {
898 # literal SQL without bind
899 push @sqlq, "$label = $$v";
901 push @sqlq, "$label = ?";
902 push @sqlv, $self->_bindtype($k, $v);
905 push @sql, $self->_sqlcase('set'), join ', ', @sqlq;
906 } elsif ($ref eq 'ARRAY') {
907 # unlike insert(), assume these are ONLY the column names, i.e. for SQL
910 if ($r eq 'ARRAY') { # literal SQL with bind
911 my ($sql, @bind) = @$v;
912 $self->_assert_bindval_matches_bindtype(@bind);
915 } elsif ($r eq 'SCALAR') { # literal SQL without bind
916 # embedded literal SQL
923 push @sql, '(' . join(', ', @sqlq) . ')';
924 } elsif ($ref eq 'SCALAR') {
928 # strings get case twiddled
929 push @sql, $self->_sqlcase($_);
933 my $sql = join ' ', @sql;
935 # this is pretty tricky
936 # if ask for an array, return ($stmt, @bind)
937 # otherwise, s/?/shift @sqlv/ to put it inline
939 return ($sql, @sqlv);
941 1 while $sql =~ s/\?/my $d = shift(@sqlv);
942 ref $d ? $d->[1] : $d/e;
951 # # This allows us to check for a local, then _form, attr
953 # my($name) = $AUTOLOAD =~ /.*::(.+)/;
954 # return $self->generate($name, @_);
965 SQL::Abstract - Generate SQL from Perl data structures
971 my $sql = SQL::Abstract->new;
973 my($stmt, @bind) = $sql->select($table, \@fields, \%where, \@order);
975 my($stmt, @bind) = $sql->insert($table, \%fieldvals || \@values);
977 my($stmt, @bind) = $sql->update($table, \%fieldvals, \%where);
979 my($stmt, @bind) = $sql->delete($table, \%where);
981 # Then, use these in your DBI statements
982 my $sth = $dbh->prepare($stmt);
983 $sth->execute(@bind);
985 # Just generate the WHERE clause
986 my($stmt, @bind) = $sql->where(\%where, \@order);
988 # Return values in the same order, for hashed queries
989 # See PERFORMANCE section for more details
990 my @bind = $sql->values(\%fieldvals);
994 This module was inspired by the excellent L<DBIx::Abstract>.
995 However, in using that module I found that what I really wanted
996 to do was generate SQL, but still retain complete control over my
997 statement handles and use the DBI interface. So, I set out to
998 create an abstract SQL generation module.
1000 While based on the concepts used by L<DBIx::Abstract>, there are
1001 several important differences, especially when it comes to WHERE
1002 clauses. I have modified the concepts used to make the SQL easier
1003 to generate from Perl data structures and, IMO, more intuitive.
1004 The underlying idea is for this module to do what you mean, based
1005 on the data structures you provide it. The big advantage is that
1006 you don't have to modify your code every time your data changes,
1007 as this module figures it out.
1009 To begin with, an SQL INSERT is as easy as just specifying a hash
1010 of C<key=value> pairs:
1013 name => 'Jimbo Bobson',
1014 phone => '123-456-7890',
1015 address => '42 Sister Lane',
1016 city => 'St. Louis',
1017 state => 'Louisiana',
1020 The SQL can then be generated with this:
1022 my($stmt, @bind) = $sql->insert('people', \%data);
1024 Which would give you something like this:
1026 $stmt = "INSERT INTO people
1027 (address, city, name, phone, state)
1028 VALUES (?, ?, ?, ?, ?)";
1029 @bind = ('42 Sister Lane', 'St. Louis', 'Jimbo Bobson',
1030 '123-456-7890', 'Louisiana');
1032 These are then used directly in your DBI code:
1034 my $sth = $dbh->prepare($stmt);
1035 $sth->execute(@bind);
1037 =head2 Inserting and Updating Arrays
1039 If your database has array types (like for example Postgres),
1040 activate the special option C<< array_datatypes => 1 >>
1041 when creating the C<SQL::Abstract> object.
1042 Then you may use an arrayref to insert and update database array types:
1044 my $sql = SQL::Abstract->new(array_datatypes => 1);
1046 planets => [qw/Mercury Venus Earth Mars/]
1049 my($stmt, @bind) = $sql->insert('solar_system', \%data);
1053 $stmt = "INSERT INTO solar_system (planets) VALUES (?)"
1055 @bind = (['Mercury', 'Venus', 'Earth', 'Mars']);
1058 =head2 Inserting and Updating SQL
1060 In order to apply SQL functions to elements of your C<%data> you may
1061 specify a reference to an arrayref for the given hash value. For example,
1062 if you need to execute the Oracle C<to_date> function on a value, you can
1063 say something like this:
1067 date_entered => \["to_date(?,'MM/DD/YYYY')", "03/02/2003"],
1070 The first value in the array is the actual SQL. Any other values are
1071 optional and would be included in the bind values array. This gives
1074 my($stmt, @bind) = $sql->insert('people', \%data);
1076 $stmt = "INSERT INTO people (name, date_entered)
1077 VALUES (?, to_date(?,'MM/DD/YYYY'))";
1078 @bind = ('Bill', '03/02/2003');
1080 An UPDATE is just as easy, all you change is the name of the function:
1082 my($stmt, @bind) = $sql->update('people', \%data);
1084 Notice that your C<%data> isn't touched; the module will generate
1085 the appropriately quirky SQL for you automatically. Usually you'll
1086 want to specify a WHERE clause for your UPDATE, though, which is
1087 where handling C<%where> hashes comes in handy...
1089 =head2 Complex where statements
1091 This module can generate pretty complicated WHERE statements
1092 easily. For example, simple C<key=value> pairs are taken to mean
1093 equality, and if you want to see if a field is within a set
1094 of values, you can use an arrayref. Let's say we wanted to
1095 SELECT some data based on this criteria:
1098 requestor => 'inna',
1099 worker => ['nwiger', 'rcwe', 'sfz'],
1100 status => { '!=', 'completed' }
1103 my($stmt, @bind) = $sql->select('tickets', '*', \%where);
1105 The above would give you something like this:
1107 $stmt = "SELECT * FROM tickets WHERE
1108 ( requestor = ? ) AND ( status != ? )
1109 AND ( worker = ? OR worker = ? OR worker = ? )";
1110 @bind = ('inna', 'completed', 'nwiger', 'rcwe', 'sfz');
1112 Which you could then use in DBI code like so:
1114 my $sth = $dbh->prepare($stmt);
1115 $sth->execute(@bind);
1121 The functions are simple. There's one for each major SQL operation,
1122 and a constructor you use first. The arguments are specified in a
1123 similar order to each function (table, then fields, then a where
1124 clause) to try and simplify things.
1129 =head2 new(option => 'value')
1131 The C<new()> function takes a list of options and values, and returns
1132 a new B<SQL::Abstract> object which can then be used to generate SQL
1133 through the methods below. The options accepted are:
1139 If set to 'lower', then SQL will be generated in all lowercase. By
1140 default SQL is generated in "textbook" case meaning something like:
1142 SELECT a_field FROM a_table WHERE some_field LIKE '%someval%'
1144 Any setting other than 'lower' is ignored.
1148 This determines what the default comparison operator is. By default
1149 it is C<=>, meaning that a hash like this:
1151 %where = (name => 'nwiger', email => 'nate@wiger.org');
1153 Will generate SQL like this:
1155 WHERE name = 'nwiger' AND email = 'nate@wiger.org'
1157 However, you may want loose comparisons by default, so if you set
1158 C<cmp> to C<like> you would get SQL such as:
1160 WHERE name like 'nwiger' AND email like 'nate@wiger.org'
1162 You can also override the comparsion on an individual basis - see
1163 the huge section on L</"WHERE CLAUSES"> at the bottom.
1165 =item sqltrue, sqlfalse
1167 Expressions for inserting boolean values within SQL statements.
1168 By default these are C<1=1> and C<1=0>. They are used
1169 by the special operators C<-in> and C<-not_in> for generating
1170 correct SQL even when the argument is an empty array (see below).
1174 This determines the default logical operator for multiple WHERE
1175 statements in arrays or hashes. If absent, the default logic is "or"
1176 for arrays, and "and" for hashes. This means that a WHERE
1180 event_date => {'>=', '2/13/99'},
1181 event_date => {'<=', '4/24/03'},
1184 will generate SQL like this:
1186 WHERE event_date >= '2/13/99' OR event_date <= '4/24/03'
1188 This is probably not what you want given this query, though (look
1189 at the dates). To change the "OR" to an "AND", simply specify:
1191 my $sql = SQL::Abstract->new(logic => 'and');
1193 Which will change the above C<WHERE> to:
1195 WHERE event_date >= '2/13/99' AND event_date <= '4/24/03'
1197 The logic can also be changed locally by inserting
1198 a modifier in front of an arrayref :
1200 @where = (-and => [event_date => {'>=', '2/13/99'},
1201 event_date => {'<=', '4/24/03'} ]);
1203 See the L</"WHERE CLAUSES"> section for explanations.
1207 This will automatically convert comparisons using the specified SQL
1208 function for both column and value. This is mostly used with an argument
1209 of C<upper> or C<lower>, so that the SQL will have the effect of
1210 case-insensitive "searches". For example, this:
1212 $sql = SQL::Abstract->new(convert => 'upper');
1213 %where = (keywords => 'MaKe iT CAse inSeNSItive');
1215 Will turn out the following SQL:
1217 WHERE upper(keywords) like upper('MaKe iT CAse inSeNSItive')
1219 The conversion can be C<upper()>, C<lower()>, or any other SQL function
1220 that can be applied symmetrically to fields (actually B<SQL::Abstract> does
1221 not validate this option; it will just pass through what you specify verbatim).
1225 This is a kludge because many databases suck. For example, you can't
1226 just bind values using DBI's C<execute()> for Oracle C<CLOB> or C<BLOB> fields.
1227 Instead, you have to use C<bind_param()>:
1229 $sth->bind_param(1, 'reg data');
1230 $sth->bind_param(2, $lots, {ora_type => ORA_CLOB});
1232 The problem is, B<SQL::Abstract> will normally just return a C<@bind> array,
1233 which loses track of which field each slot refers to. Fear not.
1235 If you specify C<bindtype> in new, you can determine how C<@bind> is returned.
1236 Currently, you can specify either C<normal> (default) or C<columns>. If you
1237 specify C<columns>, you will get an array that looks like this:
1239 my $sql = SQL::Abstract->new(bindtype => 'columns');
1240 my($stmt, @bind) = $sql->insert(...);
1243 [ 'column1', 'value1' ],
1244 [ 'column2', 'value2' ],
1245 [ 'column3', 'value3' ],
1248 You can then iterate through this manually, using DBI's C<bind_param()>.
1250 $sth->prepare($stmt);
1253 my($col, $data) = @$_;
1254 if ($col eq 'details' || $col eq 'comments') {
1255 $sth->bind_param($i, $data, {ora_type => ORA_CLOB});
1256 } elsif ($col eq 'image') {
1257 $sth->bind_param($i, $data, {ora_type => ORA_BLOB});
1259 $sth->bind_param($i, $data);
1263 $sth->execute; # execute without @bind now
1265 Now, why would you still use B<SQL::Abstract> if you have to do this crap?
1266 Basically, the advantage is still that you don't have to care which fields
1267 are or are not included. You could wrap that above C<for> loop in a simple
1268 sub called C<bind_fields()> or something and reuse it repeatedly. You still
1269 get a layer of abstraction over manual SQL specification.
1271 Note that if you set L</bindtype> to C<columns>, the C<\[$sql, @bind]>
1272 construct (see L</Literal SQL with placeholders and bind values (subqueries)>)
1273 will expect the bind values in this format.
1277 This is the character that a table or column name will be quoted
1278 with. By default this is an empty string, but you could set it to
1279 the character C<`>, to generate SQL like this:
1281 SELECT `a_field` FROM `a_table` WHERE `some_field` LIKE '%someval%'
1283 Alternatively, you can supply an array ref of two items, the first being the left
1284 hand quote character, and the second the right hand quote character. For
1285 example, you could supply C<['[',']']> for SQL Server 2000 compliant quotes
1286 that generates SQL like this:
1288 SELECT [a_field] FROM [a_table] WHERE [some_field] LIKE '%someval%'
1290 Quoting is useful if you have tables or columns names that are reserved
1291 words in your database's SQL dialect.
1295 This is the character that separates a table and column name. It is
1296 necessary to specify this when the C<quote_char> option is selected,
1297 so that tables and column names can be individually quoted like this:
1299 SELECT `table`.`one_field` FROM `table` WHERE `table`.`other_field` = 1
1301 =item injection_guard
1303 A regular expression C<qr/.../> that is applied to any C<-function> and unquoted
1304 column name specified in a query structure. This is a safety mechanism to avoid
1305 injection attacks when mishandling user input e.g.:
1307 my %condition_as_column_value_pairs = get_values_from_user();
1308 $sqla->select( ... , \%condition_as_column_value_pairs );
1310 If the expression matches an exception is thrown. Note that literal SQL
1311 supplied via C<\'...'> or C<\['...']> is B<not> checked in any way.
1313 Defaults to checking for C<;> and the C<GO> keyword (TransactSQL)
1315 =item array_datatypes
1317 When this option is true, arrayrefs in INSERT or UPDATE are
1318 interpreted as array datatypes and are passed directly
1320 When this option is false, arrayrefs are interpreted
1321 as literal SQL, just like refs to arrayrefs
1322 (but this behavior is for backwards compatibility; when writing
1323 new queries, use the "reference to arrayref" syntax
1329 Takes a reference to a list of "special operators"
1330 to extend the syntax understood by L<SQL::Abstract>.
1331 See section L</"SPECIAL OPERATORS"> for details.
1335 Takes a reference to a list of "unary operators"
1336 to extend the syntax understood by L<SQL::Abstract>.
1337 See section L</"UNARY OPERATORS"> for details.
1343 =head2 insert($table, \@values || \%fieldvals, \%options)
1345 This is the simplest function. You simply give it a table name
1346 and either an arrayref of values or hashref of field/value pairs.
1347 It returns an SQL INSERT statement and a list of bind values.
1348 See the sections on L</"Inserting and Updating Arrays"> and
1349 L</"Inserting and Updating SQL"> for information on how to insert
1350 with those data types.
1352 The optional C<\%options> hash reference may contain additional
1353 options to generate the insert SQL. Currently supported options
1360 Takes either a scalar of raw SQL fields, or an array reference of
1361 field names, and adds on an SQL C<RETURNING> statement at the end.
1362 This allows you to return data generated by the insert statement
1363 (such as row IDs) without performing another C<SELECT> statement.
1364 Note, however, this is not part of the SQL standard and may not
1365 be supported by all database engines.
1369 =head2 update($table, \%fieldvals, \%where)
1371 This takes a table, hashref of field/value pairs, and an optional
1372 hashref L<WHERE clause|/WHERE CLAUSES>. It returns an SQL UPDATE function and a list
1374 See the sections on L</"Inserting and Updating Arrays"> and
1375 L</"Inserting and Updating SQL"> for information on how to insert
1376 with those data types.
1378 =head2 select($source, $fields, $where, $order)
1380 This returns a SQL SELECT statement and associated list of bind values, as
1381 specified by the arguments :
1387 Specification of the 'FROM' part of the statement.
1388 The argument can be either a plain scalar (interpreted as a table
1389 name, will be quoted), or an arrayref (interpreted as a list
1390 of table names, joined by commas, quoted), or a scalarref
1391 (literal table name, not quoted), or a ref to an arrayref
1392 (list of literal table names, joined by commas, not quoted).
1396 Specification of the list of fields to retrieve from
1398 The argument can be either an arrayref (interpreted as a list
1399 of field names, will be joined by commas and quoted), or a
1400 plain scalar (literal SQL, not quoted).
1401 Please observe that this API is not as flexible as for
1402 the first argument C<$table>, for backwards compatibility reasons.
1406 Optional argument to specify the WHERE part of the query.
1407 The argument is most often a hashref, but can also be
1408 an arrayref or plain scalar --
1409 see section L<WHERE clause|/"WHERE CLAUSES"> for details.
1413 Optional argument to specify the ORDER BY part of the query.
1414 The argument can be a scalar, a hashref or an arrayref
1415 -- see section L<ORDER BY clause|/"ORDER BY CLAUSES">
1421 =head2 delete($table, \%where)
1423 This takes a table name and optional hashref L<WHERE clause|/WHERE CLAUSES>.
1424 It returns an SQL DELETE statement and list of bind values.
1426 =head2 where(\%where, \@order)
1428 This is used to generate just the WHERE clause. For example,
1429 if you have an arbitrary data structure and know what the
1430 rest of your SQL is going to look like, but want an easy way
1431 to produce a WHERE clause, use this. It returns an SQL WHERE
1432 clause and list of bind values.
1435 =head2 values(\%data)
1437 This just returns the values from the hash C<%data>, in the same
1438 order that would be returned from any of the other above queries.
1439 Using this allows you to markedly speed up your queries if you
1440 are affecting lots of rows. See below under the L</"PERFORMANCE"> section.
1442 =head2 generate($any, 'number', $of, \@data, $struct, \%types)
1444 Warning: This is an experimental method and subject to change.
1446 This returns arbitrarily generated SQL. It's a really basic shortcut.
1447 It will return two different things, depending on return context:
1449 my($stmt, @bind) = $sql->generate('create table', \$table, \@fields);
1450 my $stmt_and_val = $sql->generate('create table', \$table, \@fields);
1452 These would return the following:
1454 # First calling form
1455 $stmt = "CREATE TABLE test (?, ?)";
1456 @bind = (field1, field2);
1458 # Second calling form
1459 $stmt_and_val = "CREATE TABLE test (field1, field2)";
1461 Depending on what you're trying to do, it's up to you to choose the correct
1462 format. In this example, the second form is what you would want.
1466 $sql->generate('alter session', { nls_date_format => 'MM/YY' });
1470 ALTER SESSION SET nls_date_format = 'MM/YY'
1472 You get the idea. Strings get their case twiddled, but everything
1473 else remains verbatim.
1475 =head1 WHERE CLAUSES
1479 This module uses a variation on the idea from L<DBIx::Abstract>. It
1480 is B<NOT>, repeat I<not> 100% compatible. B<The main logic of this
1481 module is that things in arrays are OR'ed, and things in hashes
1484 The easiest way to explain is to show lots of examples. After
1485 each C<%where> hash shown, it is assumed you used:
1487 my($stmt, @bind) = $sql->where(\%where);
1489 However, note that the C<%where> hash can be used directly in any
1490 of the other functions as well, as described above.
1492 =head2 Key-value pairs
1494 So, let's get started. To begin, a simple hash:
1498 status => 'completed'
1501 Is converted to SQL C<key = val> statements:
1503 $stmt = "WHERE user = ? AND status = ?";
1504 @bind = ('nwiger', 'completed');
1506 One common thing I end up doing is having a list of values that
1507 a field can be in. To do this, simply specify a list inside of
1512 status => ['assigned', 'in-progress', 'pending'];
1515 This simple code will create the following:
1517 $stmt = "WHERE user = ? AND ( status = ? OR status = ? OR status = ? )";
1518 @bind = ('nwiger', 'assigned', 'in-progress', 'pending');
1520 A field associated to an empty arrayref will be considered a
1521 logical false and will generate 0=1.
1523 =head2 Tests for NULL values
1525 If the value part is C<undef> then this is converted to SQL <IS NULL>
1534 $stmt = "WHERE user = ? AND status IS NULL";
1537 To test if a column IS NOT NULL:
1541 status => { '!=', undef },
1544 =head2 Specific comparison operators
1546 If you want to specify a different type of operator for your comparison,
1547 you can use a hashref for a given column:
1551 status => { '!=', 'completed' }
1554 Which would generate:
1556 $stmt = "WHERE user = ? AND status != ?";
1557 @bind = ('nwiger', 'completed');
1559 To test against multiple values, just enclose the values in an arrayref:
1561 status => { '=', ['assigned', 'in-progress', 'pending'] };
1563 Which would give you:
1565 "WHERE status = ? OR status = ? OR status = ?"
1568 The hashref can also contain multiple pairs, in which case it is expanded
1569 into an C<AND> of its elements:
1573 status => { '!=', 'completed', -not_like => 'pending%' }
1576 # Or more dynamically, like from a form
1577 $where{user} = 'nwiger';
1578 $where{status}{'!='} = 'completed';
1579 $where{status}{'-not_like'} = 'pending%';
1581 # Both generate this
1582 $stmt = "WHERE user = ? AND status != ? AND status NOT LIKE ?";
1583 @bind = ('nwiger', 'completed', 'pending%');
1586 To get an OR instead, you can combine it with the arrayref idea:
1590 priority => [ { '=', 2 }, { '>', 5 } ]
1593 Which would generate:
1595 $stmt = "WHERE ( priority = ? OR priority > ? ) AND user = ?";
1596 @bind = ('2', '5', 'nwiger');
1598 If you want to include literal SQL (with or without bind values), just use a
1599 scalar reference or array reference as the value:
1602 date_entered => { '>' => \["to_date(?, 'MM/DD/YYYY')", "11/26/2008"] },
1603 date_expires => { '<' => \"now()" }
1606 Which would generate:
1608 $stmt = "WHERE date_entered > "to_date(?, 'MM/DD/YYYY') AND date_expires < now()";
1609 @bind = ('11/26/2008');
1612 =head2 Logic and nesting operators
1614 In the example above,
1615 there is a subtle trap if you want to say something like
1616 this (notice the C<AND>):
1618 WHERE priority != ? AND priority != ?
1620 Because, in Perl you I<can't> do this:
1622 priority => { '!=', 2, '!=', 1 }
1624 As the second C<!=> key will obliterate the first. The solution
1625 is to use the special C<-modifier> form inside an arrayref:
1627 priority => [ -and => {'!=', 2},
1631 Normally, these would be joined by C<OR>, but the modifier tells it
1632 to use C<AND> instead. (Hint: You can use this in conjunction with the
1633 C<logic> option to C<new()> in order to change the way your queries
1634 work by default.) B<Important:> Note that the C<-modifier> goes
1635 B<INSIDE> the arrayref, as an extra first element. This will
1636 B<NOT> do what you think it might:
1638 priority => -and => [{'!=', 2}, {'!=', 1}] # WRONG!
1640 Here is a quick list of equivalencies, since there is some overlap:
1643 status => {'!=', 'completed', 'not like', 'pending%' }
1644 status => [ -and => {'!=', 'completed'}, {'not like', 'pending%'}]
1647 status => {'=', ['assigned', 'in-progress']}
1648 status => [ -or => {'=', 'assigned'}, {'=', 'in-progress'}]
1649 status => [ {'=', 'assigned'}, {'=', 'in-progress'} ]
1653 =head2 Special operators : IN, BETWEEN, etc.
1655 You can also use the hashref format to compare a list of fields using the
1656 C<IN> comparison operator, by specifying the list as an arrayref:
1659 status => 'completed',
1660 reportid => { -in => [567, 2335, 2] }
1663 Which would generate:
1665 $stmt = "WHERE status = ? AND reportid IN (?,?,?)";
1666 @bind = ('completed', '567', '2335', '2');
1668 The reverse operator C<-not_in> generates SQL C<NOT IN> and is used in
1671 If the argument to C<-in> is an empty array, 'sqlfalse' is generated
1672 (by default : C<1=0>). Similarly, C<< -not_in => [] >> generates
1673 'sqltrue' (by default : C<1=1>).
1675 In addition to the array you can supply a chunk of literal sql or
1676 literal sql with bind:
1679 customer => { -in => \[
1680 'SELECT cust_id FROM cust WHERE balance > ?',
1683 status => { -in => \'SELECT status_codes FROM states' },
1689 customer IN ( SELECT cust_id FROM cust WHERE balance > ? )
1690 AND status IN ( SELECT status_codes FROM states )
1696 Another pair of operators is C<-between> and C<-not_between>,
1697 used with an arrayref of two values:
1701 completion_date => {
1702 -not_between => ['2002-10-01', '2003-02-06']
1708 WHERE user = ? AND completion_date NOT BETWEEN ( ? AND ? )
1710 Just like with C<-in> all plausible combinations of literal SQL
1714 start0 => { -between => [ 1, 2 ] },
1715 start1 => { -between => \["? AND ?", 1, 2] },
1716 start2 => { -between => \"lower(x) AND upper(y)" },
1717 start3 => { -between => [
1719 \["upper(?)", 'stuff' ],
1726 ( start0 BETWEEN ? AND ? )
1727 AND ( start1 BETWEEN ? AND ? )
1728 AND ( start2 BETWEEN lower(x) AND upper(y) )
1729 AND ( start3 BETWEEN lower(x) AND upper(?) )
1731 @bind = (1, 2, 1, 2, 'stuff');
1734 These are the two builtin "special operators"; but the
1735 list can be expanded : see section L</"SPECIAL OPERATORS"> below.
1737 =head2 Unary operators: bool
1739 If you wish to test against boolean columns or functions within your
1740 database you can use the C<-bool> and C<-not_bool> operators. For
1741 example to test the column C<is_user> being true and the column
1742 C<is_enabled> being false you would use:-
1746 -not_bool => 'is_enabled',
1751 WHERE is_user AND NOT is_enabled
1753 If a more complex combination is required, testing more conditions,
1754 then you should use the and/or operators:-
1761 -not_bool => 'four',
1767 WHERE one AND two AND three AND NOT four
1770 =head2 Nested conditions, -and/-or prefixes
1772 So far, we've seen how multiple conditions are joined with a top-level
1773 C<AND>. We can change this by putting the different conditions we want in
1774 hashes and then putting those hashes in an array. For example:
1779 status => { -like => ['pending%', 'dispatched'] },
1783 status => 'unassigned',
1787 This data structure would create the following:
1789 $stmt = "WHERE ( user = ? AND ( status LIKE ? OR status LIKE ? ) )
1790 OR ( user = ? AND status = ? ) )";
1791 @bind = ('nwiger', 'pending', 'dispatched', 'robot', 'unassigned');
1794 Clauses in hashrefs or arrayrefs can be prefixed with an C<-and> or C<-or>
1795 to change the logic inside :
1801 -and => [ workhrs => {'>', 20}, geo => 'ASIA' ],
1802 -or => { workhrs => {'<', 50}, geo => 'EURO' },
1809 WHERE ( user = ? AND (
1810 ( workhrs > ? AND geo = ? )
1811 OR ( workhrs < ? OR geo = ? )
1814 =head3 Algebraic inconsistency, for historical reasons
1816 C<Important note>: when connecting several conditions, the C<-and->|C<-or>
1817 operator goes C<outside> of the nested structure; whereas when connecting
1818 several constraints on one column, the C<-and> operator goes
1819 C<inside> the arrayref. Here is an example combining both features :
1822 -and => [a => 1, b => 2],
1823 -or => [c => 3, d => 4],
1824 e => [-and => {-like => 'foo%'}, {-like => '%bar'} ]
1829 WHERE ( ( ( a = ? AND b = ? )
1830 OR ( c = ? OR d = ? )
1831 OR ( e LIKE ? AND e LIKE ? ) ) )
1833 This difference in syntax is unfortunate but must be preserved for
1834 historical reasons. So be careful : the two examples below would
1835 seem algebraically equivalent, but they are not
1837 {col => [-and => {-like => 'foo%'}, {-like => '%bar'}]}
1838 # yields : WHERE ( ( col LIKE ? AND col LIKE ? ) )
1840 [-and => {col => {-like => 'foo%'}, {col => {-like => '%bar'}}]]
1841 # yields : WHERE ( ( col LIKE ? OR col LIKE ? ) )
1844 =head2 Literal SQL and value type operators
1846 The basic premise of SQL::Abstract is that in WHERE specifications the "left
1847 side" is a column name and the "right side" is a value (normally rendered as
1848 a placeholder). This holds true for both hashrefs and arrayref pairs as you
1849 see in the L</WHERE CLAUSES> examples above. Sometimes it is necessary to
1850 alter this behavior. There are several ways of doing so.
1854 This is a virtual operator that signals the string to its right side is an
1855 identifier (a column name) and not a value. For example to compare two
1856 columns you would write:
1859 priority => { '<', 2 },
1860 requestor => { -ident => 'submitter' },
1865 $stmt = "WHERE priority < ? AND requestor = submitter";
1868 If you are maintaining legacy code you may see a different construct as
1869 described in L</Deprecated usage of Literal SQL>, please use C<-ident> in new
1874 This is a virtual operator that signals that the construct to its right side
1875 is a value to be passed to DBI. This is for example necessary when you want
1876 to write a where clause against an array (for RDBMS that support such
1877 datatypes). For example:
1880 array => { -value => [1, 2, 3] }
1885 $stmt = 'WHERE array = ?';
1886 @bind = ([1, 2, 3]);
1888 Note that if you were to simply say:
1894 the result would porbably be not what you wanted:
1896 $stmt = 'WHERE array = ? OR array = ? OR array = ?';
1901 Finally, sometimes only literal SQL will do. To include a random snippet
1902 of SQL verbatim, you specify it as a scalar reference. Consider this only
1903 as a last resort. Usually there is a better way. For example:
1906 priority => { '<', 2 },
1907 requestor => { -in => \'(SELECT name FROM hitmen)' },
1912 $stmt = "WHERE priority < ? AND requestor IN (SELECT name FROM hitmen)"
1915 Note that in this example, you only get one bind parameter back, since
1916 the verbatim SQL is passed as part of the statement.
1920 Never use untrusted input as a literal SQL argument - this is a massive
1921 security risk (there is no way to check literal snippets for SQL
1922 injections and other nastyness). If you need to deal with untrusted input
1923 use literal SQL with placeholders as described next.
1925 =head3 Literal SQL with placeholders and bind values (subqueries)
1927 If the literal SQL to be inserted has placeholders and bind values,
1928 use a reference to an arrayref (yes this is a double reference --
1929 not so common, but perfectly legal Perl). For example, to find a date
1930 in Postgres you can use something like this:
1933 date_column => \[q/= date '2008-09-30' - ?::integer/, 10/]
1938 $stmt = "WHERE ( date_column = date '2008-09-30' - ?::integer )"
1941 Note that you must pass the bind values in the same format as they are returned
1942 by L</where>. That means that if you set L</bindtype> to C<columns>, you must
1943 provide the bind values in the C<< [ column_meta => value ] >> format, where
1944 C<column_meta> is an opaque scalar value; most commonly the column name, but
1945 you can use any scalar value (including references and blessed references),
1946 L<SQL::Abstract> will simply pass it through intact. So if C<bindtype> is set
1947 to C<columns> the above example will look like:
1950 date_column => \[q/= date '2008-09-30' - ?::integer/, [ dummy => 10 ]/]
1953 Literal SQL is especially useful for nesting parenthesized clauses in the
1954 main SQL query. Here is a first example :
1956 my ($sub_stmt, @sub_bind) = ("SELECT c1 FROM t1 WHERE c2 < ? AND c3 LIKE ?",
1960 bar => \["IN ($sub_stmt)" => @sub_bind],
1965 $stmt = "WHERE (foo = ? AND bar IN (SELECT c1 FROM t1
1966 WHERE c2 < ? AND c3 LIKE ?))";
1967 @bind = (1234, 100, "foo%");
1969 Other subquery operators, like for example C<"E<gt> ALL"> or C<"NOT IN">,
1970 are expressed in the same way. Of course the C<$sub_stmt> and
1971 its associated bind values can be generated through a former call
1974 my ($sub_stmt, @sub_bind)
1975 = $sql->select("t1", "c1", {c2 => {"<" => 100},
1976 c3 => {-like => "foo%"}});
1979 bar => \["> ALL ($sub_stmt)" => @sub_bind],
1982 In the examples above, the subquery was used as an operator on a column;
1983 but the same principle also applies for a clause within the main C<%where>
1984 hash, like an EXISTS subquery :
1986 my ($sub_stmt, @sub_bind)
1987 = $sql->select("t1", "*", {c1 => 1, c2 => \"> t0.c0"});
1988 my %where = ( -and => [
1990 \["EXISTS ($sub_stmt)" => @sub_bind],
1995 $stmt = "WHERE (foo = ? AND EXISTS (SELECT * FROM t1
1996 WHERE c1 = ? AND c2 > t0.c0))";
2000 Observe that the condition on C<c2> in the subquery refers to
2001 column C<t0.c0> of the main query : this is I<not> a bind
2002 value, so we have to express it through a scalar ref.
2003 Writing C<< c2 => {">" => "t0.c0"} >> would have generated
2004 C<< c2 > ? >> with bind value C<"t0.c0"> ... not exactly
2005 what we wanted here.
2007 Finally, here is an example where a subquery is used
2008 for expressing unary negation:
2010 my ($sub_stmt, @sub_bind)
2011 = $sql->where({age => [{"<" => 10}, {">" => 20}]});
2012 $sub_stmt =~ s/^ where //i; # don't want "WHERE" in the subclause
2014 lname => {like => '%son%'},
2015 \["NOT ($sub_stmt)" => @sub_bind],
2020 $stmt = "lname LIKE ? AND NOT ( age < ? OR age > ? )"
2021 @bind = ('%son%', 10, 20)
2023 =head3 Deprecated usage of Literal SQL
2025 Below are some examples of archaic use of literal SQL. It is shown only as
2026 reference for those who deal with legacy code. Each example has a much
2027 better, cleaner and safer alternative that users should opt for in new code.
2033 my %where = ( requestor => \'IS NOT NULL' )
2035 $stmt = "WHERE requestor IS NOT NULL"
2037 This used to be the way of generating NULL comparisons, before the handling
2038 of C<undef> got formalized. For new code please use the superior syntax as
2039 described in L</Tests for NULL values>.
2043 my %where = ( requestor => \'= submitter' )
2045 $stmt = "WHERE requestor = submitter"
2047 This used to be the only way to compare columns. Use the superior L</-ident>
2048 method for all new code. For example an identifier declared in such a way
2049 will be properly quoted if L</quote_char> is properly set, while the legacy
2050 form will remain as supplied.
2054 my %where = ( is_ready => \"", completed => { '>', '2012-12-21' } )
2056 $stmt = "WHERE completed > ? AND is_ready"
2057 @bind = ('2012-12-21')
2059 Using an empty string literal used to be the only way to express a boolean.
2060 For all new code please use the much more readable
2061 L<-bool|/Unary operators: bool> operator.
2067 These pages could go on for a while, since the nesting of the data
2068 structures this module can handle are pretty much unlimited (the
2069 module implements the C<WHERE> expansion as a recursive function
2070 internally). Your best bet is to "play around" with the module a
2071 little to see how the data structures behave, and choose the best
2072 format for your data based on that.
2074 And of course, all the values above will probably be replaced with
2075 variables gotten from forms or the command line. After all, if you
2076 knew everything ahead of time, you wouldn't have to worry about
2077 dynamically-generating SQL and could just hardwire it into your
2080 =head1 ORDER BY CLAUSES
2082 Some functions take an order by clause. This can either be a scalar (just a
2083 column name,) a hash of C<< { -desc => 'col' } >> or C<< { -asc => 'col' } >>,
2084 or an array of either of the two previous forms. Examples:
2086 Given | Will Generate
2087 ----------------------------------------------------------
2089 \'colA DESC' | ORDER BY colA DESC
2091 'colA' | ORDER BY colA
2093 [qw/colA colB/] | ORDER BY colA, colB
2095 {-asc => 'colA'} | ORDER BY colA ASC
2097 {-desc => 'colB'} | ORDER BY colB DESC
2099 ['colA', {-asc => 'colB'}] | ORDER BY colA, colB ASC
2101 { -asc => [qw/colA colB/] } | ORDER BY colA ASC, colB ASC
2104 { -asc => 'colA' }, | ORDER BY colA ASC, colB DESC,
2105 { -desc => [qw/colB/], | colC ASC, colD ASC
2106 { -asc => [qw/colC colD/],|
2108 ===========================================================
2112 =head1 SPECIAL OPERATORS
2114 my $sqlmaker = SQL::Abstract->new(special_ops => [
2118 my ($self, $field, $op, $arg) = @_;
2124 handler => 'method_name',
2128 A "special operator" is a SQL syntactic clause that can be
2129 applied to a field, instead of a usual binary operator.
2132 WHERE field IN (?, ?, ?)
2133 WHERE field BETWEEN ? AND ?
2134 WHERE MATCH(field) AGAINST (?, ?)
2136 Special operators IN and BETWEEN are fairly standard and therefore
2137 are builtin within C<SQL::Abstract> (as the overridable methods
2138 C<_where_field_IN> and C<_where_field_BETWEEN>). For other operators,
2139 like the MATCH .. AGAINST example above which is specific to MySQL,
2140 you can write your own operator handlers - supply a C<special_ops>
2141 argument to the C<new> method. That argument takes an arrayref of
2142 operator definitions; each operator definition is a hashref with two
2149 the regular expression to match the operator
2153 Either a coderef or a plain scalar method name. In both cases
2154 the expected return is C<< ($sql, @bind) >>.
2156 When supplied with a method name, it is simply called on the
2157 L<SQL::Abstract/> object as:
2159 $self->$method_name ($field, $op, $arg)
2163 $op is the part that matched the handler regex
2164 $field is the LHS of the operator
2167 When supplied with a coderef, it is called as:
2169 $coderef->($self, $field, $op, $arg)
2174 For example, here is an implementation
2175 of the MATCH .. AGAINST syntax for MySQL
2177 my $sqlmaker = SQL::Abstract->new(special_ops => [
2179 # special op for MySql MATCH (field) AGAINST(word1, word2, ...)
2180 {regex => qr/^match$/i,
2182 my ($self, $field, $op, $arg) = @_;
2183 $arg = [$arg] if not ref $arg;
2184 my $label = $self->_quote($field);
2185 my ($placeholder) = $self->_convert('?');
2186 my $placeholders = join ", ", (($placeholder) x @$arg);
2187 my $sql = $self->_sqlcase('match') . " ($label) "
2188 . $self->_sqlcase('against') . " ($placeholders) ";
2189 my @bind = $self->_bindtype($field, @$arg);
2190 return ($sql, @bind);
2197 =head1 UNARY OPERATORS
2199 my $sqlmaker = SQL::Abstract->new(unary_ops => [
2203 my ($self, $op, $arg) = @_;
2209 handler => 'method_name',
2213 A "unary operator" is a SQL syntactic clause that can be
2214 applied to a field - the operator goes before the field
2216 You can write your own operator handlers - supply a C<unary_ops>
2217 argument to the C<new> method. That argument takes an arrayref of
2218 operator definitions; each operator definition is a hashref with two
2225 the regular expression to match the operator
2229 Either a coderef or a plain scalar method name. In both cases
2230 the expected return is C<< $sql >>.
2232 When supplied with a method name, it is simply called on the
2233 L<SQL::Abstract/> object as:
2235 $self->$method_name ($op, $arg)
2239 $op is the part that matched the handler regex
2240 $arg is the RHS or argument of the operator
2242 When supplied with a coderef, it is called as:
2244 $coderef->($self, $op, $arg)
2252 Thanks to some benchmarking by Mark Stosberg, it turns out that
2253 this module is many orders of magnitude faster than using C<DBIx::Abstract>.
2254 I must admit this wasn't an intentional design issue, but it's a
2255 byproduct of the fact that you get to control your C<DBI> handles
2258 To maximize performance, use a code snippet like the following:
2260 # prepare a statement handle using the first row
2261 # and then reuse it for the rest of the rows
2263 for my $href (@array_of_hashrefs) {
2264 $stmt ||= $sql->insert('table', $href);
2265 $sth ||= $dbh->prepare($stmt);
2266 $sth->execute($sql->values($href));
2269 The reason this works is because the keys in your C<$href> are sorted
2270 internally by B<SQL::Abstract>. Thus, as long as your data retains
2271 the same structure, you only have to generate the SQL the first time
2272 around. On subsequent queries, simply use the C<values> function provided
2273 by this module to return your values in the correct order.
2275 However this depends on the values having the same type - if, for
2276 example, the values of a where clause may either have values
2277 (resulting in sql of the form C<column = ?> with a single bind
2278 value), or alternatively the values might be C<undef> (resulting in
2279 sql of the form C<column IS NULL> with no bind value) then the
2280 caching technique suggested will not work.
2284 If you use my C<CGI::FormBuilder> module at all, you'll hopefully
2285 really like this part (I do, at least). Building up a complex query
2286 can be as simple as the following:
2290 use CGI::FormBuilder;
2293 my $form = CGI::FormBuilder->new(...);
2294 my $sql = SQL::Abstract->new;
2296 if ($form->submitted) {
2297 my $field = $form->field;
2298 my $id = delete $field->{id};
2299 my($stmt, @bind) = $sql->update('table', $field, {id => $id});
2302 Of course, you would still have to connect using C<DBI> to run the
2303 query, but the point is that if you make your form look like your
2304 table, the actual query script can be extremely simplistic.
2306 If you're B<REALLY> lazy (I am), check out C<HTML::QuickTable> for
2307 a fast interface to returning and formatting data. I frequently
2308 use these three modules together to write complex database query
2309 apps in under 50 lines.
2315 =item * gitweb: L<http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=dbsrgits/SQL-Abstract.git>
2317 =item * git: L<git://git.shadowcat.co.uk/dbsrgits/SQL-Abstract.git>
2323 Version 1.50 was a major internal refactoring of C<SQL::Abstract>.
2324 Great care has been taken to preserve the I<published> behavior
2325 documented in previous versions in the 1.* family; however,
2326 some features that were previously undocumented, or behaved
2327 differently from the documentation, had to be changed in order
2328 to clarify the semantics. Hence, client code that was relying
2329 on some dark areas of C<SQL::Abstract> v1.*
2330 B<might behave differently> in v1.50.
2332 The main changes are :
2338 support for literal SQL through the C<< \ [$sql, bind] >> syntax.
2342 support for the { operator => \"..." } construct (to embed literal SQL)
2346 support for the { operator => \["...", @bind] } construct (to embed literal SQL with bind values)
2350 optional support for L<array datatypes|/"Inserting and Updating Arrays">
2354 defensive programming : check arguments
2358 fixed bug with global logic, which was previously implemented
2359 through global variables yielding side-effects. Prior versions would
2360 interpret C<< [ {cond1, cond2}, [cond3, cond4] ] >>
2361 as C<< "(cond1 AND cond2) OR (cond3 AND cond4)" >>.
2362 Now this is interpreted
2363 as C<< "(cond1 AND cond2) OR (cond3 OR cond4)" >>.
2368 fixed semantics of _bindtype on array args
2372 dropped the C<_anoncopy> of the %where tree. No longer necessary,
2373 we just avoid shifting arrays within that tree.
2377 dropped the C<_modlogic> function
2381 =head1 ACKNOWLEDGEMENTS
2383 There are a number of individuals that have really helped out with
2384 this module. Unfortunately, most of them submitted bugs via CPAN
2385 so I have no idea who they are! But the people I do know are:
2387 Ash Berlin (order_by hash term support)
2388 Matt Trout (DBIx::Class support)
2389 Mark Stosberg (benchmarking)
2390 Chas Owens (initial "IN" operator support)
2391 Philip Collins (per-field SQL functions)
2392 Eric Kolve (hashref "AND" support)
2393 Mike Fragassi (enhancements to "BETWEEN" and "LIKE")
2394 Dan Kubb (support for "quote_char" and "name_sep")
2395 Guillermo Roditi (patch to cleanup "IN" and "BETWEEN", fix and tests for _order_by)
2396 Laurent Dami (internal refactoring, extensible list of special operators, literal SQL)
2397 Norbert Buchmuller (support for literal SQL in hashpair, misc. fixes & tests)
2398 Peter Rabbitson (rewrite of SQLA::Test, misc. fixes & tests)
2399 Oliver Charles (support for "RETURNING" after "INSERT")
2405 L<DBIx::Class>, L<DBIx::Abstract>, L<CGI::FormBuilder>, L<HTML::QuickTable>.
2409 Copyright (c) 2001-2007 Nathan Wiger <nwiger@cpan.org>. All Rights Reserved.
2411 This module is actively maintained by Matt Trout <mst@shadowcatsystems.co.uk>
2413 For support, your best bet is to try the C<DBIx::Class> users mailing list.
2414 While not an official support venue, C<DBIx::Class> makes heavy use of
2415 C<SQL::Abstract>, and as such list members there are very familiar with
2416 how to create queries.
2420 This module is free software; you may copy this under the same
2421 terms as perl itself (either the GNU General Public License or
2422 the Artistic License)