use warnings;
use base 'DBIx::Class::Storage::DBI';
+use Scalar::Util ();
+use Carp::Clan qw/^DBIx::Class/;
=head1 NAME
=head1 METHODS
-=head2 sth
+=head2 connect_info
-Uses C<prepare> instead of the usual C<prepare_cached>, seeing as we can't cache very effectively without bind variables.
+We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
=cut
-sub sth {
- my ($self, $sql) = @_;
- return $self->dbh->prepare($sql);
+sub connect_info {
+ my $self = shift;
+ my $retval = $self->next::method(@_);
+ $self->disable_sth_caching(1);
+ $retval;
}
-=head2 _execute
+=head2 _prep_for_execute
-Manually subs in the values for the usual C<?> placeholders before calling L</sth> on the generated SQL.
+Manually subs in the values for the usual C<?> placeholders.
=cut
-sub _execute {
- my ($self, $op, $extra_bind, $ident, @args) = @_;
- my ($sql, @bind) = $self->sql_maker->$op($ident, @args);
- unshift(@bind, @$extra_bind) if $extra_bind;
- if ($self->debug) {
- my @debug_bind = map { defined $_ ? qq{'$_'} : q{'NULL'} } @bind;
- $self->debugobj->query_start($sql, @debug_bind);
- }
+sub _prep_for_execute {
+ my $self = shift;
- while(my $bvar = shift @bind) {
- $bvar = $self->_dbh->quote($bvar);
- $sql =~ s/\?/$bvar/;
- }
+ my ($op, $extra_bind, $ident, $args) = @_;
- my $sth = eval { $self->sth($sql,$op) };
+ my ($sql, $bind) = $self->next::method(@_);
- if (!$sth || $@) {
- $self->throw_exception(
- 'no sth generated via sql (' . ($@ || $self->_dbh->errstr) . "): $sql"
- );
- }
+ # stringify args, quote via $dbh, and manually insert
+
+ my @sql_part = split /\?/, $sql;
+ my $new_sql;
+
+ my $alias2src = $self->_resolve_ident_sources($ident);
+
+ foreach my $bound (@$bind) {
+ my $col = shift @$bound;
+
+ my $name_sep = $self->_sql_maker_opts->{name_sep} || '.';
+ my $quote_char = $self->_sql_maker_opts->{quote_char} || '';
+ $quote_char = join '', @$quote_char if ref $quote_char eq 'ARRAY';
- my $rv;
- if ($sth) {
- my $time = time();
- $rv = eval { $sth->execute };
+ $col =~ s/[\Q${quote_char}\E]//g if $quote_char;
+ $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//;
+ my $alias = $1 || 'me';
- if ($@ || !$rv) {
- $self->throw_exception("Error executing '$sql': ".($@ || $sth->errstr));
+ my $rsrc = $alias2src->{$alias};
+
+ my $datatype = $rsrc && $rsrc->column_info($col)->{data_type};
+
+ foreach my $data (@$bound) {
+ $data = ''.$data if ref $data;
+
+ $data = $self->_dbh->quote($data) if $self->should_quote($datatype, $data);
+
+ $new_sql .= shift(@sql_part) . $data;
}
- } else {
- $self->throw_exception("'$sql' did not generate a statement.");
}
- if ($self->debug) {
- my @debug_bind = map { defined $_ ? qq{`$_'} : q{`NULL'} } @bind;
- $self->debugobj->query_end($sql, @debug_bind);
- }
- return (wantarray ? ($rv, $sth, @bind) : $rv);
+ $new_sql .= join '', @sql_part;
+
+ return ($new_sql, []);
}
+=head2 should_quote
+
+This method is called by L</_prep_for_execute> for every column in
+order to determine if its value should be quoted or not. The arguments
+are the current column data type and the actual bind value. The return
+value is interpreted as: true - do quote, false - do not quote. You should
+override this in you Storage::DBI::<database> subclass, if your RDBMS
+does not like quotes around certain datatypes (e.g. Sybase and integer
+columns). The default method always returns true (do quote).
+
+ WARNING!!!
+
+ Always validate that the bind-value is valid for the current datatype.
+ Otherwise you may very well open the door to SQL injection attacks.
+
+=cut
+
+sub should_quote { 1 }
+
=head1 AUTHORS
Brandon Black <blblack@gmail.com>
projects / dbsrgits/DBIx-Class.git / blobdiff