use warnings;
use base 'DBIx::Class::Storage::DBI';
+use mro 'c3';
=head1 NAME
=head1 METHODS
-=head2 sth
+=head2 connect_info
-Uses C<prepare> instead of the usual C<prepare_cached>, seeing as we can't cache very effectively without bind variables.
+We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
=cut
-sub _dbh_sth {
- my ($self, $dbh, $sql) = @_;
- $dbh->prepare($sql);
+sub connect_info {
+ my $self = shift;
+ my $retval = $self->next::method(@_);
+ $self->disable_sth_caching(1);
+ $retval;
}
=head2 _prep_for_execute
sub _prep_for_execute {
my $self = shift;
- my ($sql, @bind) = $self->next::method(@_);
- $sql =~ s/\?/$self->_dbh->quote($_)/e for (@bind);
+ my ($sql, $bind) = $self->next::method(@_);
- return ($sql);
+ # stringify bind args, quote via $dbh, and manually insert
+ #my ($op, $extra_bind, $ident, $args) = @_;
+ my $ident = $_[2];
+
+ my @sql_part = split /\?/, $sql;
+ my $new_sql;
+
+ my $col_info = $self->_resolve_column_info($ident, [ map $_->[0], @$bind ]);
+
+ foreach my $bound (@$bind) {
+ my $col = shift @$bound;
+
+ my $datatype = $col_info->{$col}{data_type};
+
+ foreach my $data (@$bound) {
+ $data = ''.$data if ref $data;
+
+ $data = $self->_prep_interpolated_value($datatype, $data)
+ if $datatype;
+
+ $data = $self->_dbh->quote($data)
+ unless $self->interpolate_unquoted($datatype, $data);
+
+ $new_sql .= shift(@sql_part) . $data;
+ }
+ }
+ $new_sql .= join '', @sql_part;
+
+ return ($new_sql, []);
}
-=head1 AUTHORS
+=head2 interpolate_unquoted
+
+This method is called by L</_prep_for_execute> for every column in
+order to determine if its value should be quoted or not. The arguments
+are the current column data type and the actual bind value. The return
+value is interpreted as: true - do not quote, false - do quote. You should
+override this in you Storage::DBI::<database> subclass, if your RDBMS
+does not like quotes around certain datatypes (e.g. Sybase and integer
+columns). The default method always returns false (do quote).
+
+ WARNING!!!
-Brandon Black <blblack@gmail.com>
+ Always validate that the bind-value is valid for the current datatype.
+ Otherwise you may very well open the door to SQL injection attacks.
+
+=cut
+
+sub interpolate_unquoted {
+ #my ($self, $datatype, $value) = @_;
+ return 0;
+}
+
+=head2 _prep_interpolated_value
+
+Given a datatype and the value to be inserted directly into a SQL query, returns
+the necessary string to represent that value (by e.g. adding a '$' sign)
+
+=cut
+
+sub _prep_interpolated_value {
+ #my ($self, $datatype, $value) = @_;
+ return $_[2];
+}
+
+=head1 AUTHORS
-Trym Skaar <trym@tryms.no>
+See L<DBIx::Class/CONTRIBUTORS>
=head1 LICENSE