if(ref $data) {
$data = ''.$data;
}
- $data = $self->_dbh->quote($data);
+ $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
$new_sql .= shift(@sql_part) . $data;
}
}
return ($new_sql, []);
}
+=head2 should_quote_data_type
+
+This method is called by L</_prep_for_execute> for every column in
+order to determine if its value should be quoted or not. The arguments
+are the current column data type and the actual bind value. The return
+value is interpreted as: true - do quote, false - do not quote. You should
+override this in you Storage::DBI::<database> subclass, if your RDBMS
+does not like quotes around certain datatypes (e.g. Sybase and integer
+columns). The default method always returns true (do quote).
+
+ WARNING!!!
+
+ Always validate that the bind-value is valid for the current datatype.
+ Otherwise you may very well open the door to SQL injection attacks.
+
+=cut
+
+sub should_quote_data_type { 1 }
+
=head1 AUTHORS
Brandon Black <blblack@gmail.com>
return ($dbh->selectrow_array('select @@identity'))[0];
}
+my $noquote = {
+ int => qr/^ \-? \d+ $/x,
+ integer => qr/^ \-? \d+ $/x,
+ # TODO maybe need to add float/real/etc
+};
+
+sub should_quote_data_type {
+ my $self = shift;
+ my ($type, $value) = @_;
+
+ return $self->next::method(@_) if not defined $value;
+
+ if (my $re = $noquote->{$type}) {
+ return 0 if $value =~ $re;
+ }
+
+ return $self->next::method(@_);
+}
+
+
1;
=head1 NAME