| Commit | Line | Data |
|---|
| 3885cff6 |
1 | package DBIx::Class::Storage::DBI::NoBindVars; |
| 2 | |
| 3 | use strict; |
| 4 | use warnings; |
| 5 | |
| 6 | use base 'DBIx::Class::Storage::DBI'; |
| b55e97a7 |
7 | use Scalar::Util (); |
| 8 | use Carp::Clan qw/^DBIx::Class/; |
| 3885cff6 |
9 | |
| b43345f2 |
10 | =head1 NAME |
| 11 | |
| 12 | DBIx::Class::Storage::DBI::NoBindVars - Sometime DBDs have poor to no support for bind variables |
| 13 | |
| 14 | =head1 DESCRIPTION |
| 15 | |
| 16 | This class allows queries to work when the DBD or underlying library does not |
| 17 | support the usual C<?> placeholders, or at least doesn't support them very |
| 18 | well, as is the case with L<DBD::Sybase> |
| 19 | |
| 20 | =head1 METHODS |
| 21 | |
| b33697ef |
22 | =head2 connect_info |
| b43345f2 |
23 | |
| b33697ef |
24 | We can't cache very effectively without bind variables, so force the C<disable_sth_caching> setting to be turned on when the connect info is set. |
| b43345f2 |
25 | |
| 26 | =cut |
| 27 | |
| b33697ef |
28 | sub connect_info { |
| 29 | my $self = shift; |
| d944c5ae |
30 | my $retval = $self->next::method(@_); |
| b33697ef |
31 | $self->disable_sth_caching(1); |
| 32 | $retval; |
| b43345f2 |
33 | } |
| 34 | |
| d5130dd2 |
35 | =head2 _prep_for_execute |
| b43345f2 |
36 | |
| d5130dd2 |
37 | Manually subs in the values for the usual C<?> placeholders. |
| b43345f2 |
38 | |
| 39 | =cut |
| 40 | |
| d5130dd2 |
41 | sub _prep_for_execute { |
| 42 | my $self = shift; |
| b50a5275 |
43 | |
| 0c449973 |
44 | my ($op, $extra_bind, $ident, $args) = @_; |
| b50a5275 |
45 | |
| d944c5ae |
46 | my ($sql, $bind) = $self->next::method(@_); |
| 47 | |
| 48 | # stringify args, quote via $dbh, and manually insert |
| 49 | |
| b4474f31 |
50 | my @sql_part = split /\?/, $sql; |
| 51 | my $new_sql; |
| 52 | |
| d944c5ae |
53 | foreach my $bound (@$bind) { |
| b50a5275 |
54 | my $col = shift @$bound; |
| b55e97a7 |
55 | |
| 17d750d7 |
56 | $col =~ s/^([^.]*)\.//; |
| 57 | my $alias = $1 || 'me'; |
| b55e97a7 |
58 | |
| 17d750d7 |
59 | my $datatype = $self->_resolve_ident_sources($ident)->{$alias} |
| 60 | ->column_info($col)->{data_type}; |
| b55e97a7 |
61 | |
| d944c5ae |
62 | foreach my $data (@$bound) { |
| 63 | if(ref $data) { |
| 64 | $data = ''.$data; |
| 65 | } |
| 148e3b50 |
66 | $data = $self->_dbh->quote($data) if $self->should_quote_data_type($datatype, $data); |
| b50a5275 |
67 | $new_sql .= shift(@sql_part) . $data; |
| d944c5ae |
68 | } |
| 69 | } |
| b4474f31 |
70 | $new_sql .= join '', @sql_part; |
| d5130dd2 |
71 | |
| 01c04b1b |
72 | return ($new_sql, []); |
| 3885cff6 |
73 | } |
| 74 | |
| 0c1bedfc |
75 | =head2 should_quote_data_type |
| 76 | |
| 148e3b50 |
77 | This method is called by L</_prep_for_execute> for every column in |
| 78 | order to determine if its value should be quoted or not. The arguments |
| 79 | are the current column data type and the actual bind value. The return |
| 80 | value is interpreted as: true - do quote, false - do not quote. You should |
| 81 | override this in you Storage::DBI::<database> subclass, if your RDBMS |
| 82 | does not like quotes around certain datatypes (e.g. Sybase and integer |
| 83 | columns). The default method always returns true (do quote). |
| 0c1bedfc |
84 | |
| 85 | WARNING!!! |
| 86 | |
| 148e3b50 |
87 | Always validate that the bind-value is valid for the current datatype. |
| 88 | Otherwise you may very well open the door to SQL injection attacks. |
| 0c1bedfc |
89 | |
| 90 | =cut |
| 91 | |
| 148e3b50 |
92 | sub should_quote_data_type { 1 } |
| 93 | |
| 3885cff6 |
94 | =head1 AUTHORS |
| 95 | |
| 96 | Brandon Black <blblack@gmail.com> |
| b43345f2 |
97 | |
| 7762b22c |
98 | Trym Skaar <trym@tryms.no> |
| 3885cff6 |
99 | |
| 100 | =head1 LICENSE |
| 101 | |
| 102 | You may distribute this code under the same terms as Perl itself. |
| 103 | |
| 104 | =cut |
| b43345f2 |
105 | |
| 106 | 1; |
projects / dbsrgits/DBIx-Class.git / blame