use warnings;
use base 'DBIx::Class::Storage::DBI';
+use Scalar::Util ();
+use Carp::Clan qw/^DBIx::Class/;
=head1 NAME
sub _prep_for_execute {
my $self = shift;
- my ($op, $extra_bind, $ident) = @_;
+ my ($op, $extra_bind, $ident, $args) = @_;
my ($sql, $bind) = $self->next::method(@_);
my @sql_part = split /\?/, $sql;
my $new_sql;
+ my $alias2src = $self->_resolve_ident_sources($ident);
+
foreach my $bound (@$bind) {
my $col = shift @$bound;
- my $datatype = 'FIXME!!!';
+
+ my $name_sep = $self->_sql_maker_opts->{name_sep} || '.';
+ my $quote_char = $self->_sql_maker_opts->{quote_char} || '';
+ $quote_char = join '', @$quote_char if ref $quote_char eq 'ARRAY';
+
+ $col =~ s/[\Q${quote_char}\E]//g if $quote_char;
+ $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//;
+ my $alias = $1 || 'me';
+
+ my $rsrc = $alias2src->{$alias};
+
+ my $datatype = $rsrc && $rsrc->column_info($col)->{data_type};
+
foreach my $data (@$bound) {
- if(ref $data) {
- $data = ''.$data;
- }
- $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
+ $data = ''.$data if ref $data;
+
+ $data = $self->_dbh->quote($data) if $self->should_quote($datatype, $data);
+
$new_sql .= shift(@sql_part) . $data;
}
}
$new_sql .= join '', @sql_part;
- return ($new_sql);
+ return ($new_sql, []);
}
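Review bot: The new type lookup leaves `$datatype` undefined whenever `$alias2src->{$alias}` has no entry or the column info carries no `data_type`, and that value goes straight into `should_quote`, whose result decides whether the bind value is spliced into the SQL text unquoted. The default returns 1, but a subclass override that keys on the type has nothing to go on in that case, so I would fail closed at the call site: `$data = $self->_dbh->quote($data) if !$datatype || $self->should_quote($datatype, $data);`. Separately, `my $alias = $1 || 'me';` reads `$1` without checking that the `s///` on the line before matched, so for a column without a `name_sep` prefix it may pick up a capture left by an earlier successful match in scope; `my $alias = ( $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E// && $1 ) || 'me';` keeps the fallback and ties the capture to this match. `$name_sep` and `$quote_char` do not depend on `$bound` and could be computed once before the loop.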
-=head2 should_quote_data_type
-
+=head2 should_quote
+
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method always returns true (do quote).
-
- WARNING!!!
-
+
+ WARNING!!!
+
Always validate that the bind-value is valid for the current datatype.
Otherwise you may very well open the door to SQL injection attacks.
-
-=cut
-
-sub should_quote_data_type { 1 }
+
+=cut
+
+sub should_quote { 1 }
=head1 AUTHORS