use warnings;
use base 'DBIx::Class::Storage::DBI';
-use Scalar::Util ();
-use Carp::Clan qw/^DBIx::Class/;
+use mro 'c3';
=head1 NAME
my @sql_part = split /\?/, $sql;
my $new_sql;
- my $alias2src = $self->_resolve_ident_sources($ident);
+ my $col_info = $self->_resolve_column_info($ident, [ map $_->[0], @$bind ]);
foreach my $bound (@$bind) {
my $col = shift @$bound;
- my $name_sep = $self->_sql_maker_opts->{name_sep} || '.';
-
- $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//;
- my $alias = $1 || 'me';
-
- my $rsrc = $alias2src->{$alias};
-
- my $datatype = $rsrc && $rsrc->column_info($col)->{data_type};
+ my $datatype = $col_info->{$col}{data_type};
foreach my $data (@$bound) {
$data = ''.$data if ref $data;
+ $data = $self->transform_unbound_value($datatype, $data)
+ if $datatype;
+
$data = $self->_dbh->quote($data)
- if $self->should_quote_value($datatype, $data);
+ if (!$datatype || $self->should_quote_value($datatype, $data));
$new_sql .= shift(@sql_part) . $data;
}
}
=head2 should_quote_value
-
+
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method always returns true (do quote).
-
+
WARNING!!!
-
+
Always validate that the bind-value is valid for the current datatype.
Otherwise you may very well open the door to SQL injection attacks.
-
+
=cut
-
+
sub should_quote_value { 1 }
+=head2 transform_unbound_value
+
+Given a datatype and the value to be inserted directly into a SQL query, returns
+the necessary SQL fragment to represent that value.
+
+=cut
+
+sub transform_unbound_value { $_[2] }
+
=head1 AUTHORS
Brandon Black <blblack@gmail.com>
projects / dbsrgits/DBIx-Class-Historic.git / blobdiff