From: Peter Rabbitson <ribasushi@cpan.org>
Date: Tue, 3 Mar 2009 22:32:50 +0000 (+0000)
Subject: Put code back into branch (and fix trunk snafu)
X-Git-Tag: v0.08112~14^2~148^2~1
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=148e3b50385e4a39296fcddc886f92af683456d5;p=dbsrgits%2FDBIx-Class.git

Put code back into branch (and fix trunk snafu)
---

diff --git a/lib/DBIx/Class/Storage/DBI/NoBindVars.pm b/lib/DBIx/Class/Storage/DBI/NoBindVars.pm
index 349f658..c74b9c0 100644
--- a/lib/DBIx/Class/Storage/DBI/NoBindVars.pm
+++ b/lib/DBIx/Class/Storage/DBI/NoBindVars.pm
@@ -55,7 +55,7 @@ sub _prep_for_execute {
         if(ref $data) {
             $data = ''.$data;
         }
-        $data = $self->_dbh->quote($data);
+        $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
         $new_sql .= shift(@sql_part) . $data;
     }
   }
@@ -64,6 +64,25 @@ sub _prep_for_execute {
   return ($new_sql);
 }
 
+=head2 should_quote_data_type
+
+This method is called by L</_prep_for_execute> for every column in
+order to determine if its value should be quoted or not. The arguments
+are the current column data type and the actual bind value. The return
+value is interpreted as: true - do quote, false - do not quote. You should
+override this in you Storage::DBI::<database> subclass, if your RDBMS
+does not like quotes around certain datatypes (e.g. Sybase and integer
+columns). The default method always returns true (do quote).
+
+ WARNING!!!
+
+ Always validate that the bind-value is valid for the current datatype.
+ Otherwise you may very well open the door to SQL injection attacks.
+
+=cut
+
+sub should_quote_data_type { 1 }
+
 =head1 AUTHORS
 
 Brandon Black <blblack@gmail.com>
diff --git a/lib/DBIx/Class/Storage/DBI/Sybase.pm b/lib/DBIx/Class/Storage/DBI/Sybase.pm
new file mode 100644
index 0000000..0a26173
--- /dev/null
+++ b/lib/DBIx/Class/Storage/DBI/Sybase.pm
@@ -0,0 +1,48 @@
+package DBIx::Class::Storage::DBI::Sybase;
+
+use strict;
+use warnings;
+
+use base qw/DBIx::Class::Storage::DBI::NoBindVars/;
+
+my $noquote = {
+    int => qr/^ \-? \d+ $/x,
+    integer => qr/^ \-? \d+ $/x,
+
+    # TODO maybe need to add float/real/etc
+};
+
+sub should_quote_data_type {
+  my $self = shift;
+  my ($type, $value) = @_;
+
+  return $self->next::method(@_) if not defined $value;
+
+  if (my $re = $noquote->{$type}) {
+    return 0 if $value =~ $re;
+  }
+
+  return $self->next::method(@_);
+}
+
+1;
+
+=head1 NAME
+
+DBIx::Class::Storage::DBI::Sybase - Storage::DBI subclass for Sybase
+
+=head1 SYNOPSIS
+
+This subclass supports L<DBD::Sybase> for real Sybase databases.  If
+you are using an MSSQL database via L<DBD::Sybase>, see
+L<DBIx::Class::Storage::DBI::Sybase::MSSQL>.
+
+=head1 AUTHORS
+
+Brandon L Black <blblack@gmail.com>
+
+=head1 LICENSE
+
+You may distribute this code under the same terms as Perl itself.
+
+=cut