[dbsrgits/DBIx-Class.git] / lib / DBIx / Class / Storage / DBI / NoBindVars.pm

package DBIx::Class::Storage::DBI::NoBindVars;

use strict;
use warnings;

use base 'DBIx::Class::Storage::DBI';

=head1 NAME 

DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables

=head1 DESCRIPTION

This class allows queries to work when the DBD or underlying library does not
support the usual C<?> placeholders, or at least doesn't support them very
well, as is the case with L<DBD::Sybase>

=head1 METHODS

=head2 connect_info

We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.

=cut

sub connect_info {
    my $self = shift;
    my $retval = $self->next::method(@_);
    $self->disable_sth_caching(1);
    $retval;
}

=head2 _prep_for_execute

Manually subs in the values for the usual C<?> placeholders.

=cut

sub _prep_for_execute {
  my $self = shift;

  my ($op, $extra_bind, $ident) = @_;

  my ($sql, $bind) = $self->next::method(@_);

  # stringify args, quote via $dbh, and manually insert

  my @sql_part = split /\?/, $sql;
  my $new_sql;

  foreach my $bound (@$bind) {
    my $col = shift @$bound;
    my $datatype = 'FIXME!!!';
    foreach my $data (@$bound) {
        if(ref $data) {
            $data = ''.$data;
        }
        $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
        $new_sql .= shift(@sql_part) . $data;
    }
  }
  $new_sql .= join '', @sql_part;

  return ($new_sql, []);
}

=head2 should_quote_data_type   
                                
This method is called by L</_prep_for_execute> for every column in
order to determine if its value should be quoted or not. The arguments
are the current column data type and the actual bind value. The return
value is interpreted as: true - do quote, false - do not quote. You should
override this in you Storage::DBI::<database> subclass, if your RDBMS
does not like quotes around certain datatypes (e.g. Sybase and integer
columns). The default method always returns true (do quote).
                                
 WARNING!!!                     
                                
 Always validate that the bind-value is valid for the current datatype.
 Otherwise you may very well open the door to SQL injection attacks.
                                
=cut                            
                                
sub should_quote_data_type { 1 }

=head1 AUTHORS

Brandon Black <blblack@gmail.com>

Trym Skaar <trym@tryms.no>

=head1 LICENSE

You may distribute this code under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
3885cff6	1	package DBIx::Class::Storage::DBI::NoBindVars;
	2
	3	use strict;
	4	use warnings;
	5
	6	use base 'DBIx::Class::Storage::DBI';
	7
b43345f2	8	=head1 NAME
	9
	10	DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables
	11
	12	=head1 DESCRIPTION
	13
	14	This class allows queries to work when the DBD or underlying library does not
	15	support the usual C<?> placeholders, or at least doesn't support them very
	16	well, as is the case with L<DBD::Sybase>
	17
	18	=head1 METHODS
	19
b33697ef	20	=head2 connect_info
b43345f2	21
b33697ef	22	We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set.
b43345f2	23
	24	=cut
	25
b33697ef	26	sub connect_info {
b33697ef	27	my $self = shift;
d944c5ae	28	my $retval = $self->next::method(@_);
b33697ef	29	$self->disable_sth_caching(1);
b33697ef	30	$retval;
b43345f2	31	}
b43345f2	32
d5130dd2	33	=head2 _prep_for_execute
b43345f2	34
d5130dd2	35	Manually subs in the values for the usual C<?> placeholders.
b43345f2	36
	37	=cut
	38
d5130dd2	39	sub _prep_for_execute {
d5130dd2	40	my $self = shift;
b50a5275	41
	42	my ($op, $extra_bind, $ident) = @_;
	43
d944c5ae	44	my ($sql, $bind) = $self->next::method(@_);
	45
	46	# stringify args, quote via $dbh, and manually insert
	47
b4474f31	48	my @sql_part = split /\?/, $sql;
	49	my $new_sql;
	50
d944c5ae	51	foreach my $bound (@$bind) {
b50a5275	52	my $col = shift @$bound;
5432c6ae	53	my $datatype = 'FIXME!!!';
d944c5ae	54	foreach my $data (@$bound) {
	55	if(ref $data) {
	56	$data = ''.$data;
	57	}
148e3b50	58	$data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data);
b50a5275	59	$new_sql .= shift(@sql_part) . $data;
d944c5ae	60	}
d944c5ae	61	}
b4474f31	62	$new_sql .= join '', @sql_part;
d5130dd2	63
01c04b1b	64	return ($new_sql, []);
3885cff6	65	}
3885cff6	66
0c1bedfc	67	=head2 should_quote_data_type
0c1bedfc	68
148e3b50	69	This method is called by L</_prep_for_execute> for every column in
	70	order to determine if its value should be quoted or not. The arguments
	71	are the current column data type and the actual bind value. The return
	72	value is interpreted as: true - do quote, false - do not quote. You should
	73	override this in you Storage::DBI::<database> subclass, if your RDBMS
	74	does not like quotes around certain datatypes (e.g. Sybase and integer
	75	columns). The default method always returns true (do quote).
0c1bedfc	76
	77	WARNING!!!
	78
148e3b50	79	Always validate that the bind-value is valid for the current datatype.
148e3b50	80	Otherwise you may very well open the door to SQL injection attacks.
0c1bedfc	81
	82	=cut
	83
148e3b50	84	sub should_quote_data_type { 1 }
148e3b50	85
3885cff6	86	=head1 AUTHORS
	87
	88	Brandon Black <blblack@gmail.com>
b43345f2	89
7762b22c	90	Trym Skaar <trym@tryms.no>
3885cff6	91
	92	=head1 LICENSE
	93
	94	You may distribute this code under the same terms as Perl itself.
	95
	96	=cut
b43345f2	97
b43345f2	98	1;