use warnings;
use base 'DBIx::Class::Storage::DBI';
-use Scalar::Util ();
-use Carp::Clan qw/^DBIx::Class/;
+use mro 'c3';
-=head1 NAME
+use DBIx::Class::SQLMaker::LimitDialects;
+use List::Util qw/first/;
+
+use namespace::clean;
+
+=head1 NAME
DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
sub _prep_for_execute {
my $self = shift;
- my ($op, $extra_bind, $ident, $args) = @_;
-
my ($sql, $bind) = $self->next::method(@_);
- # stringify args, quote via $dbh, and manually insert
+ # stringify bind args, quote via $dbh, and manually insert
+ #my ($op, $ident, $args) = @_;
+ my $ident = $_[1];
my @sql_part = split /\?/, $sql;
my $new_sql;
- my $alias2src = $self->_resolve_ident_sources($ident);
-
- foreach my $bound (@$bind) {
- my $col = shift @$bound;
-
- my $name_sep = $self->_sql_maker_opts->{name_sep} || '.';
-
- $col =~ s/^([^\Q${name_sep}\E]*)\Q${name_sep}\E//;
- my $alias = $1 || 'me';
+ for (@$bind) {
+ my $data = (ref $_->[1]) ? "$_->[1]" : $_->[1]; # always stringify, array types are currently not supported
- my $rsrc = $alias2src->{$alias};
+ my $datatype = $_->[0]{sqlt_datatype};
- my $datatype = $rsrc && $rsrc->column_info($col)->{data_type};
+ $data = $self->_prep_interpolated_value($datatype, $data)
+ if $datatype;
- foreach my $data (@$bound) {
- $data = ''.$data if ref $data;
+ $data = $self->_get_dbh->quote($data)
+ unless ($datatype and $self->interpolate_unquoted($datatype, $data) );
- $data = $self->_dbh->quote($data)
- if $self->should_quote_value($datatype, $data);
-
- $new_sql .= shift(@sql_part) . $data;
- }
+ $new_sql .= shift(@sql_part) . $data;
}
+
$new_sql .= join '', @sql_part;
return ($new_sql, []);
}
-=head2 should_quote_value
-
+=head2 interpolate_unquoted
+
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
-value is interpreted as: true - do quote, false - do not quote. You should
+value is interpreted as: true - do not quote, false - do quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
-columns). The default method always returns true (do quote).
-
- WARNING!!!
-
+columns). The default method returns false, except for integer datatypes
+paired with values containing nothing but digits.
+
+ WARNING!!!
+
Always validate that the bind-value is valid for the current datatype.
Otherwise you may very well open the door to SQL injection attacks.
-
-=cut
-
-sub should_quote_value { 1 }
-=head1 AUTHORS
+=cut
+
+sub interpolate_unquoted {
+ #my ($self, $datatype, $value) = @_;
+
+ return 1 if (
+ defined $_[2]
+ and
+ $_[1]
+ and
+ $_[2] !~ /\D/
+ and
+ $_[1] =~ /int(?:eger)? | (?:tiny|small|medium|big)int/ix
+ );
+
+ return 0;
+}
+
+=head2 _prep_interpolated_value
-Brandon Black <blblack@gmail.com>
+Given a datatype and the value to be inserted directly into a SQL query, returns
+the necessary string to represent that value (by e.g. adding a '$' sign)
+
+=cut
+
+sub _prep_interpolated_value {
+ #my ($self, $datatype, $value) = @_;
+ return $_[2];
+}
+
+=head1 AUTHORS
-Trym Skaar <trym@tryms.no>
+See L<DBIx::Class/CONTRIBUTORS>
=head1 LICENSE
projects / dbsrgits/DBIx-Class.git / blobdiff