[dbsrgits/DBIx-Class.git] / lib / DBIx / Class / Storage / DBI / NoBindVars.pm

package DBIx::Class::Storage::DBI::NoBindVars;

use strict;
use warnings;

use base 'DBIx::Class::Storage::DBI';
use mro 'c3';

=head1 NAME 

DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables

=head1 DESCRIPTION

This class allows queries to work when the DBD or underlying library does not
support the usual C<?> placeholders, or at least doesn't support them very
well, as is the case with L<DBD::Sybase>

=head1 METHODS

=head2 connect_info

We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.

=cut

sub connect_info {
    my $self = shift;
    my $retval = $self->next::method(@_);
    $self->disable_sth_caching(1);
    $retval;
}

=head2 _prep_for_execute

Manually subs in the values for the usual C<?> placeholders.

=cut

sub _prep_for_execute {
  my $self = shift;

  my ($sql, $bind) = $self->next::method(@_);

  # stringify bind args, quote via $dbh, and manually insert
  #my ($op, $extra_bind, $ident, $args) = @_;
  my $ident = $_[2];

  my @sql_part = split /\?/, $sql;
  my $new_sql;

  my $col_info = $self->_resolve_column_info($ident, [ map $_->[0], @$bind ]);

  foreach my $bound (@$bind) {
    my $col = shift @$bound;

    my $datatype = $col_info->{$col}{data_type};

    foreach my $data (@$bound) {
      $data = ''.$data if ref $data;

      $data = $self->_prep_interpolated_value($datatype, $data)
        if $datatype;

      $data = $self->_dbh->quote($data)
        unless $self->interpolate_unquoted($datatype, $data);

      $new_sql .= shift(@sql_part) . $data;
    }
  }
  $new_sql .= join '', @sql_part;

  return ($new_sql, []);
}

=head2 interpolate_unquoted

This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
value is interpreted as: true - do not quote, false - do quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method always returns false (do quote).

 WARNING!!!

 Always validate that the bind-value is valid for the current datatype.
 Otherwise you may very well open the door to SQL injection attacks.

=cut

sub interpolate_unquoted {
  #my ($self, $datatype, $value) = @_;
  return 0;
}

=head2 _prep_interpolated_value

Given a datatype and the value to be inserted directly into a SQL query, returns
the necessary string to represent that value (by e.g. adding a '$' sign)

=cut

sub _prep_interpolated_value {
  #my ($self, $datatype, $value) = @_;
  return $_[2];
}

=head1 AUTHORS

See L<DBIx::Class/CONTRIBUTORS>

=head1 LICENSE

You may distribute this code under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
3885cff6	1	package DBIx::Class::Storage::DBI::NoBindVars;
	2
	3	use strict;
	4	use warnings;
	5
	6	use base 'DBIx::Class::Storage::DBI';
2ad62d97	7	use mro 'c3';
3885cff6	8
b43345f2	9	=head1 NAME
	10
	11	DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
	12
	13	=head1 DESCRIPTION
	14
	15	This class allows queries to work when the DBD or underlying library does not
	16	support the usual C<?> placeholders, or at least doesn't support them very
	17	well, as is the case with L<DBD::Sybase>
	18
	19	=head1 METHODS
	20
b33697ef	21	=head2 connect_info
b43345f2	22
b33697ef	23	We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
b43345f2	24
	25	=cut
	26
b33697ef	27	sub connect_info {
b33697ef	28	my $self = shift;
d944c5ae	29	my $retval = $self->next::method(@_);
b33697ef	30	$self->disable_sth_caching(1);
b33697ef	31	$retval;
b43345f2	32	}
b43345f2	33
d5130dd2	34	=head2 _prep_for_execute
b43345f2	35
d5130dd2	36	Manually subs in the values for the usual C<?> placeholders.
b43345f2	37
	38	=cut
	39
d5130dd2	40	sub _prep_for_execute {
d5130dd2	41	my $self = shift;
b50a5275	42
d944c5ae	43	my ($sql, $bind) = $self->next::method(@_);
d944c5ae	44
7c63f828	45	# stringify bind args, quote via $dbh, and manually insert
	46	#my ($op, $extra_bind, $ident, $args) = @_;
	47	my $ident = $_[2];
d944c5ae	48
b4474f31	49	my @sql_part = split /\?/, $sql;
	50	my $new_sql;
	51
28cea3aa	52	my $col_info = $self->_resolve_column_info($ident, [ map $_->[0], @$bind ]);
a49fe312	53
d944c5ae	54	foreach my $bound (@$bind) {
b50a5275	55	my $col = shift @$bound;
b55e97a7	56
28cea3aa	57	my $datatype = $col_info->{$col}{data_type};
b55e97a7	58
d944c5ae	59	foreach my $data (@$bound) {
7d17f469	60	$data = ''.$data if ref $data;
6636ad53	61
166c6561	62	$data = $self->_prep_interpolated_value($datatype, $data)
e06ad5d5	63	if $datatype;
e06ad5d5	64
7d17f469	65	$data = $self->_dbh->quote($data)
80007f97	66	unless $self->interpolate_unquoted($datatype, $data);
6636ad53	67
7d17f469	68	$new_sql .= shift(@sql_part) . $data;
d944c5ae	69	}
d944c5ae	70	}
b4474f31	71	$new_sql .= join '', @sql_part;
d5130dd2	72
01c04b1b	73	return ($new_sql, []);
3885cff6	74	}
3885cff6	75
80007f97	76	=head2 interpolate_unquoted
e06ad5d5	77
148e3b50	78	This method is called by L</_prep_for_execute> for every column in
	79	order to determine if its value should be quoted or not. The arguments
	80	are the current column data type and the actual bind value. The return
80007f97	81	value is interpreted as: true - do not quote, false - do quote. You should
148e3b50	82	override this in you Storage::DBI::<database> subclass, if your RDBMS
148e3b50	83	does not like quotes around certain datatypes (e.g. Sybase and integer
80007f97	84	columns). The default method always returns false (do quote).
e06ad5d5	85
0ac07712	86	WARNING!!!
e06ad5d5	87
148e3b50	88	Always validate that the bind-value is valid for the current datatype.
148e3b50	89	Otherwise you may very well open the door to SQL injection attacks.
e06ad5d5	90
0ac07712	91	=cut
e06ad5d5	92
80007f97	93	sub interpolate_unquoted {
0ac07712	94	#my ($self, $datatype, $value) = @_;
80007f97	95	return 0;
0ac07712	96	}
148e3b50	97
166c6561	98	=head2 _prep_interpolated_value
e06ad5d5	99
e06ad5d5	100	Given a datatype and the value to be inserted directly into a SQL query, returns
0ac07712	101	the necessary string to represent that value (by e.g. adding a '$' sign)
e06ad5d5	102
	103	=cut
	104
166c6561	105	sub _prep_interpolated_value {
0ac07712	106	#my ($self, $datatype, $value) = @_;
	107	return $_[2];
	108	}
e06ad5d5	109
3885cff6	110	=head1 AUTHORS
3885cff6	111
0ac07712	112	See L<DBIx::Class/CONTRIBUTORS>
3885cff6	113
	114	=head1 LICENSE
	115
	116	You may distribute this code under the same terms as Perl itself.
	117
	118	=cut
b43345f2	119
b43345f2	120	1;