[dbsrgits/DBIx-Class.git] / lib / DBIx / Class / Storage / DBI / NoBindVars.pm

package DBIx::Class::Storage::DBI::NoBindVars;

use strict;
use warnings;

use base 'DBIx::Class::Storage::DBI';
use mro 'c3';

use DBIx::Class::SQLMaker::LimitDialects;

=head1 NAME

DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables

=head1 DESCRIPTION

This class allows queries to work when the DBD or underlying library does not
support the usual C<?> placeholders, or at least doesn't support them very
well, as is the case with L<DBD::Sybase>

=head1 METHODS

=head2 connect_info

We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.

=cut

sub connect_info {
    my $self = shift;
    my $retval = $self->next::method(@_);
    $self->disable_sth_caching(1);
    $retval;
}

=head2 _prep_for_execute

Manually subs in the values for the usual C<?> placeholders.

=cut

sub _prep_for_execute {
  my $self = shift;

  my ($sql, $bind) = $self->next::method(@_);

  # stringify bind args, quote via $dbh, and manually insert
  #my ($op, $ident, $args) = @_;
  my $ident = $_[1];

  my @sql_part = split /\?/, $sql;
  my $new_sql;

  for (@$bind) {
    my $data = (ref $_->[1]) ? "$_->[1]" : $_->[1]; # always stringify, array types are currently not supported

    my $datatype = $_->[0]{sqlt_datatype};

    $data = $self->_prep_interpolated_value($datatype, $data)
      if $datatype;

    $data = $self->_get_dbh->quote($data)
      unless ($datatype and $self->interpolate_unquoted($datatype, $data) );

    $new_sql .= shift(@sql_part) . $data;
  }

  $new_sql .= join '', @sql_part;

  return ($new_sql, []);
}

=head2 interpolate_unquoted

This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
value is interpreted as: true - do not quote, false - do quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method returns false, except for integer datatypes
paired with values containing nothing but digits.

 WARNING!!!

 Always validate that the bind-value is valid for the current datatype.
 Otherwise you may very well open the door to SQL injection attacks.

=cut

sub interpolate_unquoted {
  #my ($self, $datatype, $value) = @_;

  return 1 if (
    defined $_[2]
      and
    $_[1]
      and
    $_[2] !~ /[^0-9]/
      and
    $_[1] =~ /int(?:eger)? | (?:tiny|small|medium|big)int/ix
  );

  return 0;
}

=head2 _prep_interpolated_value

Given a datatype and the value to be inserted directly into a SQL query, returns
the necessary string to represent that value (by e.g. adding a '$' sign)

=cut

sub _prep_interpolated_value {
  #my ($self, $datatype, $value) = @_;
  return $_[2];
}

=head1 FURTHER QUESTIONS?

Check the list of L<additional DBIC resources|DBIx::Class/GETTING HELP/SUPPORT>.

=head1 COPYRIGHT AND LICENSE

This module is free software L<copyright|DBIx::Class/COPYRIGHT AND LICENSE>
by the L<DBIx::Class (DBIC) authors|DBIx::Class/AUTHORS>. You can
redistribute it and/or modify it under the same terms as the
L<DBIx::Class library|DBIx::Class/COPYRIGHT AND LICENSE>.

=cut

1;
Commit	Line	Data
3885cff6	1	package DBIx::Class::Storage::DBI::NoBindVars;
	2
	3	use strict;
	4	use warnings;
	5
	6	use base 'DBIx::Class::Storage::DBI';
2ad62d97	7	use mro 'c3';
3885cff6	8
fcb7fcbb	9	use DBIx::Class::SQLMaker::LimitDialects;
fcb7fcbb	10
fcb7fcbb	11	=head1 NAME
b43345f2	12
	13	DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
	14
	15	=head1 DESCRIPTION
	16
	17	This class allows queries to work when the DBD or underlying library does not
	18	support the usual C<?> placeholders, or at least doesn't support them very
	19	well, as is the case with L<DBD::Sybase>
	20
	21	=head1 METHODS
	22
b33697ef	23	=head2 connect_info
b43345f2	24
b33697ef	25	We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
b43345f2	26
	27	=cut
	28
b33697ef	29	sub connect_info {
b33697ef	30	my $self = shift;
d944c5ae	31	my $retval = $self->next::method(@_);
b33697ef	32	$self->disable_sth_caching(1);
b33697ef	33	$retval;
b43345f2	34	}
b43345f2	35
d5130dd2	36	=head2 _prep_for_execute
b43345f2	37
d5130dd2	38	Manually subs in the values for the usual C<?> placeholders.
b43345f2	39
	40	=cut
	41
d5130dd2	42	sub _prep_for_execute {
d5130dd2	43	my $self = shift;
b50a5275	44
d944c5ae	45	my ($sql, $bind) = $self->next::method(@_);
d944c5ae	46
7c63f828	47	# stringify bind args, quote via $dbh, and manually insert
0e773352	48	#my ($op, $ident, $args) = @_;
0e773352	49	my $ident = $_[1];
d944c5ae	50
b4474f31	51	my @sql_part = split /\?/, $sql;
	52	my $new_sql;
	53
0e773352	54	for (@$bind) {
abe9977d	55	my $data = (ref $_->[1]) ? "$_->[1]" : $_->[1]; # always stringify, array types are currently not supported
b55e97a7	56
abe9977d	57	my $datatype = $_->[0]{sqlt_datatype};
b55e97a7	58
0e773352	59	$data = $self->_prep_interpolated_value($datatype, $data)
0e773352	60	if $datatype;
6636ad53	61
0e773352	62	$data = $self->_get_dbh->quote($data)
abe9977d	63	unless ($datatype and $self->interpolate_unquoted($datatype, $data) );
e06ad5d5	64
0e773352	65	$new_sql .= shift(@sql_part) . $data;
d944c5ae	66	}
0e773352	67
b4474f31	68	$new_sql .= join '', @sql_part;
d5130dd2	69
01c04b1b	70	return ($new_sql, []);
3885cff6	71	}
3885cff6	72
80007f97	73	=head2 interpolate_unquoted
e06ad5d5	74
148e3b50	75	This method is called by L</_prep_for_execute> for every column in
	76	order to determine if its value should be quoted or not. The arguments
	77	are the current column data type and the actual bind value. The return
80007f97	78	value is interpreted as: true - do not quote, false - do quote. You should
148e3b50	79	override this in you Storage::DBI::<database> subclass, if your RDBMS
148e3b50	80	does not like quotes around certain datatypes (e.g. Sybase and integer
fcb7fcbb	81	columns). The default method returns false, except for integer datatypes
fcb7fcbb	82	paired with values containing nothing but digits.
e06ad5d5	83
0ac07712	84	WARNING!!!
e06ad5d5	85
148e3b50	86	Always validate that the bind-value is valid for the current datatype.
148e3b50	87	Otherwise you may very well open the door to SQL injection attacks.
e06ad5d5	88
0ac07712	89	=cut
e06ad5d5	90
80007f97	91	sub interpolate_unquoted {
0ac07712	92	#my ($self, $datatype, $value) = @_;
fcb7fcbb	93
	94	return 1 if (
	95	defined $_[2]
	96	and
	97	$_[1]
	98	and
f033dcbe	99	$_[2] !~ /[^0-9]/
fcb7fcbb	100	and
	101	$_[1] =~ /int(?:eger)? \| (?:tiny\|small\|medium\|big)int/ix
	102	);
	103
80007f97	104	return 0;
0ac07712	105	}
148e3b50	106
166c6561	107	=head2 _prep_interpolated_value
e06ad5d5	108
e06ad5d5	109	Given a datatype and the value to be inserted directly into a SQL query, returns
0ac07712	110	the necessary string to represent that value (by e.g. adding a '$' sign)
e06ad5d5	111
	112	=cut
	113
166c6561	114	sub _prep_interpolated_value {
0ac07712	115	#my ($self, $datatype, $value) = @_;
	116	return $_[2];
	117	}
e06ad5d5	118
a2bd3796	119	=head1 FURTHER QUESTIONS?
3885cff6	120
a2bd3796	121	Check the list of L<additional DBIC resources\|DBIx::Class/GETTING HELP/SUPPORT>.
3885cff6	122
a2bd3796	123	=head1 COPYRIGHT AND LICENSE
3885cff6	124
a2bd3796	125	This module is free software L<copyright\|DBIx::Class/COPYRIGHT AND LICENSE>
	126	by the L<DBIx::Class (DBIC) authors\|DBIx::Class/AUTHORS>. You can
	127	redistribute it and/or modify it under the same terms as the
	128	L<DBIx::Class library\|DBIx::Class/COPYRIGHT AND LICENSE>.
3885cff6	129
3885cff6	130	=cut
b43345f2	131
b43345f2	132	1;