From: Peter Rabbitson Date: Tue, 3 Mar 2009 22:32:50 +0000 (+0000) Subject: Put code back into branch (and fix trunk snafu) X-Git-Tag: v0.08112~14^2~148^2~1 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=148e3b50385e4a39296fcddc886f92af683456d5;p=dbsrgits%2FDBIx-Class.git Put code back into branch (and fix trunk snafu) --- diff --git a/lib/DBIx/Class/Storage/DBI/NoBindVars.pm b/lib/DBIx/Class/Storage/DBI/NoBindVars.pm index 349f658..c74b9c0 100644 --- a/lib/DBIx/Class/Storage/DBI/NoBindVars.pm +++ b/lib/DBIx/Class/Storage/DBI/NoBindVars.pm @@ -55,7 +55,7 @@ sub _prep_for_execute { if(ref $data) { $data = ''.$data; } - $data = $self->_dbh->quote($data); + $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data); $new_sql .= shift(@sql_part) . $data; } } @@ -64,6 +64,25 @@ sub _prep_for_execute { return ($new_sql); } +=head2 should_quote_data_type + +This method is called by L for every column in +order to determine if its value should be quoted or not. The arguments +are the current column data type and the actual bind value. The return +value is interpreted as: true - do quote, false - do not quote. You should +override this in you Storage::DBI:: subclass, if your RDBMS +does not like quotes around certain datatypes (e.g. Sybase and integer +columns). The default method always returns true (do quote). + + WARNING!!! + + Always validate that the bind-value is valid for the current datatype. + Otherwise you may very well open the door to SQL injection attacks. + +=cut + +sub should_quote_data_type { 1 } + =head1 AUTHORS Brandon Black diff --git a/lib/DBIx/Class/Storage/DBI/Sybase.pm b/lib/DBIx/Class/Storage/DBI/Sybase.pm new file mode 100644 index 0000000..0a26173 --- /dev/null +++ b/lib/DBIx/Class/Storage/DBI/Sybase.pm 
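Review bot: When `should_quote_data_type` returns false, the following line concatenates `$data` into `$new_sql` exactly as supplied, so the statement modifier added in the `@@ -55,7 +55,7 @@` hunk makes the subclass override the only guard between a bind value and the SQL text. `$datatype` is not declared anywhere in the hunk, and `_prep_for_execute` starts and ends outside it, so where the type comes from, and whether it can be undefined or a placeholder, cannot be checked from here. I would add a comment above the changed line, `# unquoted values are spliced into the SQL verbatim; the override must have validated $data against $datatype`. It would also help to confirm that `$datatype` is populated from the column metadata before any subclass relies on it.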
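Review bot: The POD for `should_quote_data_type` in the `@@ -64,6 +64,25 @@` hunk says what the return value means but not what a false return does, which is to insert the bind value into the statement without any escaping. Stating that in the WARNING paragraph, for example `A false return inserts the value into the SQL verbatim, so return false only for values matched by a strict, fully anchored pattern`, would give subclass authors a concrete contract. The same paragraph could mention that the value may be undefined. The sentence "override this in you Storage::DBI:: subclass" should read "your".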
@@ -0,0 +1,48 @@
+package DBIx::Class::Storage::DBI::Sybase;
+
+use strict;
+use warnings;
+
+use base qw/DBIx::Class::Storage::DBI::NoBindVars/;
+
+my $noquote = {
+ int => qr/^ \-? \d+ $/x,
+ integer => qr/^ \-? \d+ $/x,
+
+ # TODO maybe need to add float/real/etc
+};
+
+sub should_quote_data_type {
+ my $self = shift;
+ my ($type, $value) = @_;
+
+ return $self->next::method(@_) if not defined $value;
+
+ if (my $re = $noquote->{$type}) {
+ return 0 if $value =~ $re;
+ }
+
+ return $self->next::method(@_);
+}
+
+1;
+
+=head1 NAME
+
+DBIx::Class::Storage::DBI::Sybase - Storage::DBI subclass for Sybase
+
+=head1 SYNOPSIS
+
+This subclass supports L for real Sybase databases. If
+you are using an MSSQL database via L, see
+L.
+
+=head1 AUTHORS
+
+Brandon L Black
+
+=head1 LICENSE
+
+You may distribute this code under the same terms as Perl itself.
+
+=cut
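Review bot: The `int` and `integer` patterns in `$noquote` are the only validation a value gets before it is emitted unquoted, and `qr/^ \-? \d+ $/x` is looser than it reads. `$` also matches before a trailing newline, and `\d` accepts non-ASCII Unicode digits when the value is a character string. Anchoring with `\A`/`\z` and an explicit class, `int => qr/\A -? [0-9]+ \z/x,` (and the same for `integer`), restricts the unquoted path to plain ASCII integers. Separately, `$noquote->{$type}` is a case-sensitive lookup and will warn under `use warnings` if `$type` is undefined; `lc($type // '')` needs perl 5.10, so on older perls test `defined $type` first. That mismatch fails safe, because unknown types fall through to quoting, but it may leave the Sybase integer workaround inactive for `INT` or `Integer`.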