foreach my $data (@$bound) {
$data = ''.$data if ref $data;
- $data = $self->transform_unbound_value($datatype, $data)
+ $data = $self->_prep_interpolated_value($datatype, $data)
if $datatype;
$data = $self->_dbh->quote($data)
- if (!$datatype || $self->should_quote_value($datatype, $data));
+ unless $self->interpolate_unquoted($datatype, $data);
$new_sql .= shift(@sql_part) . $data;
}
return ($new_sql, []);
}
-=head2 should_quote_value
+=head2 interpolate_unquoted
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
-value is interpreted as: true - do quote, false - do not quote. You should
+value is interpreted as: true - do not quote, false - do quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
-columns). The default method always returns true (do quote).
+columns). The default method always returns false (do quote).
- WARNING!!!
+ WARNING!!!
Always validate that the bind-value is valid for the current datatype.
Otherwise you may very well open the door to SQL injection attacks.
-=cut
+=cut
-sub should_quote_value { 1 }
+sub interpolate_unquoted {
+ #my ($self, $datatype, $value) = @_;
+ return 0;
+}
-=head2 transform_unbound_value
+=head2 _prep_interpolated_value
Given a datatype and the value to be inserted directly into a SQL query, returns
-the necessary SQL fragment to represent that value.
+the necessary string to represent that value (by e.g. adding a '$' sign)
=cut
-sub transform_unbound_value { $_[2] }
+sub _prep_interpolated_value {
+ #my ($self, $datatype, $value) = @_;
+ return $_[2];
+}
=head1 AUTHORS
-Brandon Black <blblack@gmail.com>
-
-Trym Skaar <trym@tryms.no>
+See L<DBIx::Class/CONTRIBUTORS>
=head1 LICENSE