projects / scpubgit/Q-Branch.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
Fix typos in literal + bind examples
[scpubgit/Q-Branch.git] / lib / SQL / Abstract.pm
CommitLineData
96449e8e 1package SQL::Abstract; # see doc at end of file
2
96449e8e 3use strict;
4use warnings;
9d9d5bd6 5use Carp ();
312d830b 6use List::Util ();
7use Scalar::Util ();
96449e8e 8
0da0fe34 9use Exporter 'import';
10our @EXPORT_OK = qw(is_plain_value is_literal_value);
11
12BEGIN {
13 if ($] < 5.009_005) {
14 require MRO::Compat;
15 }
16 else {
17 require mro;
18 }
843a94b5 19
20 *SQL::Abstract::_ENV_::DETECT_AUTOGENERATED_STRINGIFICATION = $ENV{SQLA_ISVALUE_IGNORE_AUTOGENERATED_STRINGIFICATION}
21 ? sub () { 0 }
22 : sub () { 1 }
23 ;
0da0fe34 24}
25
96449e8e 26#======================================================================
27# GLOBALS
28#======================================================================
29
b54fd911 30our $VERSION = '1.78';
7479e27e 31
22f1a437 32# This would confuse some packagers
c520207b 33$VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
96449e8e 34
35our $AUTOLOAD;
36
37# special operators (-in, -between). May be extended/overridden by user.
38# See section WHERE: BUILTIN SPECIAL OPERATORS below for implementation
39my @BUILTIN_SPECIAL_OPS = (
b8db59b8 40 {regex => qr/^ (?: not \s )? between $/ix, handler => '_where_field_BETWEEN'},
41 {regex => qr/^ (?: not \s )? in $/ix, handler => '_where_field_IN'},
cc422895 42 {regex => qr/^ ident $/ix, handler => '_where_op_IDENT'},
43 {regex => qr/^ value $/ix, handler => '_where_op_VALUE'},
b9b5a0b1 44 {regex => qr/^ is (?: \s+ not )? $/ix, handler => '_where_field_IS'},
96449e8e 45);
46
97a920ef 47# unaryish operators - key maps to handler
59f23b3d 48my @BUILTIN_UNARY_OPS = (
a47b433a 49 # the digits are backcompat stuff
b8db59b8 50 { regex => qr/^ and (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
51 { regex => qr/^ or (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
52 { regex => qr/^ nest (?: [_\s]? \d+ )? $/xi, handler => '_where_op_NEST' },
53 { regex => qr/^ (?: not \s )? bool $/xi, handler => '_where_op_BOOL' },
cc422895 54 { regex => qr/^ ident $/xi, handler => '_where_op_IDENT' },
b9b5a0b1 55 { regex => qr/^ value $/xi, handler => '_where_op_VALUE' },
59f23b3d 56);
97a920ef 57
96449e8e 58#======================================================================
59# DEBUGGING AND ERROR REPORTING
60#======================================================================
61
62sub _debug {
63 return unless $_[0]->{debug}; shift; # a little faster
64 my $func = (caller(1))[3];
65 warn "[$func] ", @_, "\n";
66}
67
68sub belch (@) {
69 my($func) = (caller(1))[3];
9d9d5bd6 70 Carp::carp "[$func] Warning: ", @_;
96449e8e 71}
72
73sub puke (@) {
74 my($func) = (caller(1))[3];
9d9d5bd6 75 Carp::croak "[$func] Fatal: ", @_;
96449e8e 76}
77
0da0fe34 78sub is_literal_value ($) {
79 ref $_[0] eq 'SCALAR' ? [ ${$_[0]} ]
80 : ( ref $_[0] eq 'REF' and ref ${$_[0]} eq 'ARRAY' ) ? [ @${ $_[0] } ]
81 : (
82 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
83 and
84 defined $_[0]->{-ident} and ! length ref $_[0]->{-ident}
85 ) ? [ $_[0]->{-ident} ]
86 : undef;
87}
88
89# FIXME XSify - this can be done so much more efficiently
90sub is_plain_value ($) {
91 no strict 'refs';
966200cc 92 ! length ref $_[0] ? \($_[0])
0da0fe34 93 : (
94 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
95 and
96 exists $_[0]->{-value}
966200cc 97 ) ? \($_[0]->{-value})
0da0fe34 98 : (
a1c9e0ff 99 # reuse @_ for even moar speedz
100 defined ( $_[1] = Scalar::Util::blessed $_[0] )
0da0fe34 101 and
102 # deliberately not using Devel::OverloadInfo - the checks we are
103 # intersted in are much more limited than the fullblown thing, and
104 # this is a very hot piece of code
105 (
e8d729d4 106 # simply using ->can('(""') can leave behind stub methods that
107 # break actually using the overload later (see L<perldiag/Stub
108 # found while resolving method "%s" overloading "%s" in package
109 # "%s"> and the source of overload::mycan())
44e54b41 110 #
0da0fe34 111 # either has stringification which DBI SHOULD prefer out of the box
a1c9e0ff 112 grep { *{ (qq[${_}::(""]) }{CODE} } @{ $_[2] = mro::get_linear_isa( $_[1] ) }
0da0fe34 113 or
20e178a8 114 # has nummification or boolification, AND fallback is *not* disabled
0da0fe34 115 (
843a94b5 116 SQL::Abstract::_ENV_::DETECT_AUTOGENERATED_STRINGIFICATION
117 and
20e178a8 118 (
119 grep { *{"${_}::(0+"}{CODE} } @{$_[2]}
120 or
121 grep { *{"${_}::(bool"}{CODE} } @{$_[2]}
122 )
0da0fe34 123 and
124 (
125 # no fallback specified at all
a1c9e0ff 126 ! ( ($_[3]) = grep { *{"${_}::()"}{CODE} } @{$_[2]} )
0da0fe34 127 or
128 # fallback explicitly undef
a1c9e0ff 129 ! defined ${"$_[3]::()"}
0da0fe34 130 or
131 # explicitly true
a1c9e0ff 132 !! ${"$_[3]::()"}
0da0fe34 133 )
134 )
135 )
966200cc 136 ) ? \($_[0])
0da0fe34 137 : undef;
138}
139
140
96449e8e 141
142#======================================================================
143# NEW
144#======================================================================
145
146sub new {
147 my $self = shift;
148 my $class = ref($self) || $self;
149 my %opt = (ref $_[0] eq 'HASH') ? %{$_[0]} : @_;
150
151 # choose our case by keeping an option around
152 delete $opt{case} if $opt{case} && $opt{case} ne 'lower';
153
154 # default logic for interpreting arrayrefs
ef559da3 155 $opt{logic} = $opt{logic} ? uc $opt{logic} : 'OR';
96449e8e 156
157 # how to return bind vars
96449e8e 158 $opt{bindtype} ||= 'normal';
159
160 # default comparison is "=", but can be overridden
161 $opt{cmp} ||= '=';
162
3af02ccb 163 # try to recognize which are the 'equality' and 'inequality' ops
3cdadcbe 164 # (temporary quickfix (in 2007), should go through a more seasoned API)
165 $opt{equality_op} = qr/^( \Q$opt{cmp}\E | \= )$/ix;
166 $opt{inequality_op} = qr/^( != | <> )$/ix;
167
168 $opt{like_op} = qr/^ (is\s+)? r?like $/xi;
169 $opt{not_like_op} = qr/^ (is\s+)? not \s+ r?like $/xi;
96449e8e 170
171 # SQL booleans
172 $opt{sqltrue} ||= '1=1';
173 $opt{sqlfalse} ||= '0=1';
174
9d48860e 175 # special operators
96449e8e 176 $opt{special_ops} ||= [];
b6251592 177 # regexes are applied in order, thus push after user-defines
96449e8e 178 push @{$opt{special_ops}}, @BUILTIN_SPECIAL_OPS;
179
9d48860e 180 # unary operators
59f23b3d 181 $opt{unary_ops} ||= [];
182 push @{$opt{unary_ops}}, @BUILTIN_UNARY_OPS;
183
3af02ccb 184 # rudimentary sanity-check for user supplied bits treated as functions/operators
b6251592 185 # If a purported function matches this regular expression, an exception is thrown.
186 # Literal SQL is *NOT* subject to this check, only functions (and column names
187 # when quoting is not in effect)
96449e8e 188
b6251592 189 # FIXME
190 # need to guard against ()'s in column names too, but this will break tons of
191 # hacks... ideas anyone?
192 $opt{injection_guard} ||= qr/
193 \;
194 |
195 ^ \s* go \s
196 /xmi;
96449e8e 197
b6251592 198 return bless \%opt, $class;
199}
96449e8e 200
170e6c33 201
202sub _assert_pass_injection_guard {
203 if ($_[1] =~ $_[0]->{injection_guard}) {
204 my $class = ref $_[0];
205 puke "Possible SQL injection attempt '$_[1]'. If this is indeed a part of the "
206 . "desired SQL use literal SQL ( \'...' or \[ '...' ] ) or supply your own "
207 . "{injection_guard} attribute to ${class}->new()"
208 }
209}
210
211
96449e8e 212#======================================================================
213# INSERT methods
214#======================================================================
215
216sub insert {
02288357 217 my $self = shift;
218 my $table = $self->_table(shift);
219 my $data = shift || return;
220 my $options = shift;
96449e8e 221
222 my $method = $self->_METHOD_FOR_refkind("_insert", $data);
02288357 223 my ($sql, @bind) = $self->$method($data);
96449e8e 224 $sql = join " ", $self->_sqlcase('insert into'), $table, $sql;
02288357 225
e82e648a 226 if ($options->{returning}) {
227 my ($s, @b) = $self->_insert_returning ($options);
228 $sql .= $s;
229 push @bind, @b;
02288357 230 }
231
96449e8e 232 return wantarray ? ($sql, @bind) : $sql;
233}
234
6b1fe79d 235sub _insert_returning {
e82e648a 236 my ($self, $options) = @_;
6b1fe79d 237
e82e648a 238 my $f = $options->{returning};
239
240 my $fieldlist = $self->_SWITCH_refkind($f, {
241 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$f;},
242 SCALAR => sub {$self->_quote($f)},
243 SCALARREF => sub {$$f},
6b1fe79d 244 });
e82e648a 245 return $self->_sqlcase(' returning ') . $fieldlist;
6b1fe79d 246}
247
96449e8e 248sub _insert_HASHREF { # explicit list of fields and then values
249 my ($self, $data) = @_;
250
251 my @fields = sort keys %$data;
252
fe3ae272 253 my ($sql, @bind) = $self->_insert_values($data);
96449e8e 254
255 # assemble SQL
256 $_ = $self->_quote($_) foreach @fields;
257 $sql = "( ".join(", ", @fields).") ".$sql;
258
259 return ($sql, @bind);
260}
261
262sub _insert_ARRAYREF { # just generate values(?,?) part (no list of fields)
263 my ($self, $data) = @_;
264
265 # no names (arrayref) so can't generate bindtype
266 $self->{bindtype} ne 'columns'
267 or belch "can't do 'columns' bindtype when called with arrayref";
268
fe3ae272 269 # fold the list of values into a hash of column name - value pairs
270 # (where the column names are artificially generated, and their
271 # lexicographical ordering keep the ordering of the original list)
272 my $i = "a"; # incremented values will be in lexicographical order
273 my $data_in_hash = { map { ($i++ => $_) } @$data };
274
275 return $self->_insert_values($data_in_hash);
276}
277
278sub _insert_ARRAYREFREF { # literal SQL with bind
279 my ($self, $data) = @_;
280
281 my ($sql, @bind) = @${$data};
282 $self->_assert_bindval_matches_bindtype(@bind);
283
284 return ($sql, @bind);
285}
286
287
288sub _insert_SCALARREF { # literal SQL without bind
289 my ($self, $data) = @_;
290
291 return ($$data);
292}
293
294sub _insert_values {
295 my ($self, $data) = @_;
296
96449e8e 297 my (@values, @all_bind);
fe3ae272 298 foreach my $column (sort keys %$data) {
299 my $v = $data->{$column};
96449e8e 300
301 $self->_SWITCH_refkind($v, {
302
9d48860e 303 ARRAYREF => sub {
96449e8e 304 if ($self->{array_datatypes}) { # if array datatype are activated
305 push @values, '?';
fe3ae272 306 push @all_bind, $self->_bindtype($column, $v);
96449e8e 307 }
308 else { # else literal SQL with bind
309 my ($sql, @bind) = @$v;
fe3ae272 310 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 311 push @values, $sql;
312 push @all_bind, @bind;
313 }
314 },
315
316 ARRAYREFREF => sub { # literal SQL with bind
317 my ($sql, @bind) = @${$v};
fe3ae272 318 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 319 push @values, $sql;
320 push @all_bind, @bind;
321 },
322
9d48860e 323 # THINK : anything useful to do with a HASHREF ?
5db47f9f 324 HASHREF => sub { # (nothing, but old SQLA passed it through)
325 #TODO in SQLA >= 2.0 it will die instead
326 belch "HASH ref as bind value in insert is not supported";
327 push @values, '?';
fe3ae272 328 push @all_bind, $self->_bindtype($column, $v);
5db47f9f 329 },
96449e8e 330
331 SCALARREF => sub { # literal SQL without bind
332 push @values, $$v;
333 },
334
335 SCALAR_or_UNDEF => sub {
336 push @values, '?';
fe3ae272 337 push @all_bind, $self->_bindtype($column, $v);
96449e8e 338 },
339
340 });
341
342 }
343
344 my $sql = $self->_sqlcase('values')." ( ".join(", ", @values)." )";
345 return ($sql, @all_bind);
346}
347
348
96449e8e 349
350#======================================================================
351# UPDATE methods
352#======================================================================
353
354
355sub update {
356 my $self = shift;
357 my $table = $self->_table(shift);
358 my $data = shift || return;
359 my $where = shift;
360
361 # first build the 'SET' part of the sql statement
362 my (@set, @all_bind);
363 puke "Unsupported data type specified to \$sql->update"
364 unless ref $data eq 'HASH';
365
366 for my $k (sort keys %$data) {
367 my $v = $data->{$k};
368 my $r = ref $v;
369 my $label = $self->_quote($k);
370
371 $self->_SWITCH_refkind($v, {
9d48860e 372 ARRAYREF => sub {
96449e8e 373 if ($self->{array_datatypes}) { # array datatype
374 push @set, "$label = ?";
375 push @all_bind, $self->_bindtype($k, $v);
376 }
377 else { # literal SQL with bind
378 my ($sql, @bind) = @$v;
fe3ae272 379 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 380 push @set, "$label = $sql";
fe3ae272 381 push @all_bind, @bind;
96449e8e 382 }
383 },
384 ARRAYREFREF => sub { # literal SQL with bind
385 my ($sql, @bind) = @${$v};
fe3ae272 386 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 387 push @set, "$label = $sql";
fe3ae272 388 push @all_bind, @bind;
96449e8e 389 },
390 SCALARREF => sub { # literal SQL without bind
391 push @set, "$label = $$v";
0ec3aec7 392 },
393 HASHREF => sub {
394 my ($op, $arg, @rest) = %$v;
395
396 puke 'Operator calls in update must be in the form { -op => $arg }'
397 if (@rest or not $op =~ /^\-(.+)/);
398
399 local $self->{_nested_func_lhs} = $k;
400 my ($sql, @bind) = $self->_where_unary_op ($1, $arg);
401
402 push @set, "$label = $sql";
403 push @all_bind, @bind;
404 },
96449e8e 405 SCALAR_or_UNDEF => sub {
406 push @set, "$label = ?";
407 push @all_bind, $self->_bindtype($k, $v);
408 },
409 });
410 }
411
412 # generate sql
413 my $sql = $self->_sqlcase('update') . " $table " . $self->_sqlcase('set ')
414 . join ', ', @set;
415
416 if ($where) {
417 my($where_sql, @where_bind) = $self->where($where);
418 $sql .= $where_sql;
419 push @all_bind, @where_bind;
420 }
421
422 return wantarray ? ($sql, @all_bind) : $sql;
423}
424
425
426
427
428#======================================================================
429# SELECT
430#======================================================================
431
432
433sub select {
434 my $self = shift;
435 my $table = $self->_table(shift);
436 my $fields = shift || '*';
437 my $where = shift;
438 my $order = shift;
439
440 my($where_sql, @bind) = $self->where($where, $order);
441
442 my $f = (ref $fields eq 'ARRAY') ? join ', ', map { $self->_quote($_) } @$fields
443 : $fields;
9d48860e 444 my $sql = join(' ', $self->_sqlcase('select'), $f,
96449e8e 445 $self->_sqlcase('from'), $table)
446 . $where_sql;
447
9d48860e 448 return wantarray ? ($sql, @bind) : $sql;
96449e8e 449}
450
451#======================================================================
452# DELETE
453#======================================================================
454
455
456sub delete {
457 my $self = shift;
458 my $table = $self->_table(shift);
459 my $where = shift;
460
461
462 my($where_sql, @bind) = $self->where($where);
463 my $sql = $self->_sqlcase('delete from') . " $table" . $where_sql;
464
9d48860e 465 return wantarray ? ($sql, @bind) : $sql;
96449e8e 466}
467
468
469#======================================================================
470# WHERE: entry point
471#======================================================================
472
473
474
475# Finally, a separate routine just to handle WHERE clauses
476sub where {
477 my ($self, $where, $order) = @_;
478
479 # where ?
480 my ($sql, @bind) = $self->_recurse_where($where);
481 $sql = $sql ? $self->_sqlcase(' where ') . "( $sql )" : '';
482
483 # order by?
484 if ($order) {
485 $sql .= $self->_order_by($order);
486 }
487
9d48860e 488 return wantarray ? ($sql, @bind) : $sql;
96449e8e 489}
490
491
492sub _recurse_where {
493 my ($self, $where, $logic) = @_;
494
495 # dispatch on appropriate method according to refkind of $where
496 my $method = $self->_METHOD_FOR_refkind("_where", $where);
311b2151 497
9d48860e 498 my ($sql, @bind) = $self->$method($where, $logic);
311b2151 499
9d48860e 500 # DBIx::Class directly calls _recurse_where in scalar context, so
311b2151 501 # we must implement it, even if not in the official API
9d48860e 502 return wantarray ? ($sql, @bind) : $sql;
96449e8e 503}
504
505
506
507#======================================================================
508# WHERE: top-level ARRAYREF
509#======================================================================
510
511
512sub _where_ARRAYREF {
5e1d09d5 513 my ($self, $where, $logic) = @_;
96449e8e 514
5e1d09d5 515 $logic = uc($logic || $self->{logic});
96449e8e 516 $logic eq 'AND' or $logic eq 'OR' or puke "unknown logic: $logic";
517
518 my @clauses = @$where;
519
96449e8e 520 my (@sql_clauses, @all_bind);
96449e8e 521 # need to use while() so can shift() for pairs
9d48860e 522 while (my $el = shift @clauses) {
96449e8e 523
524 # switch according to kind of $el and get corresponding ($sql, @bind)
525 my ($sql, @bind) = $self->_SWITCH_refkind($el, {
526
527 # skip empty elements, otherwise get invalid trailing AND stuff
528 ARRAYREF => sub {$self->_recurse_where($el) if @$el},
529
c94a6c93 530 ARRAYREFREF => sub {
531 my ($s, @b) = @$$el;
532 $self->_assert_bindval_matches_bindtype(@b);
533 ($s, @b);
534 },
474e3335 535
96449e8e 536 HASHREF => sub {$self->_recurse_where($el, 'and') if %$el},
96449e8e 537
538 SCALARREF => sub { ($$el); },
539
540 SCALAR => sub {# top-level arrayref with scalars, recurse in pairs
541 $self->_recurse_where({$el => shift(@clauses)})},
542
543 UNDEF => sub {puke "not supported : UNDEF in arrayref" },
544 });
545
4b7b6026 546 if ($sql) {
547 push @sql_clauses, $sql;
548 push @all_bind, @bind;
549 }
96449e8e 550 }
551
552 return $self->_join_sql_clauses($logic, \@sql_clauses, \@all_bind);
553}
554
474e3335 555#======================================================================
556# WHERE: top-level ARRAYREFREF
557#======================================================================
96449e8e 558
474e3335 559sub _where_ARRAYREFREF {
560 my ($self, $where) = @_;
c94a6c93 561 my ($sql, @bind) = @$$where;
562 $self->_assert_bindval_matches_bindtype(@bind);
474e3335 563 return ($sql, @bind);
564}
96449e8e 565
566#======================================================================
567# WHERE: top-level HASHREF
568#======================================================================
569
570sub _where_HASHREF {
571 my ($self, $where) = @_;
572 my (@sql_clauses, @all_bind);
573
2281c758 574 for my $k (sort keys %$where) {
96449e8e 575 my $v = $where->{$k};
576
2281c758 577 # ($k => $v) is either a special unary op or a regular hashpair
578 my ($sql, @bind) = do {
579 if ($k =~ /^-./) {
580 # put the operator in canonical form
581 my $op = $k;
b8db59b8 582 $op = substr $op, 1; # remove initial dash
2281c758 583 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 584 $op =~ s/\s+/ /g; # compress whitespace
585
586 # so that -not_foo works correctly
587 $op =~ s/^not_/NOT /i;
2281c758 588
589 $self->_debug("Unary OP(-$op) within hashref, recursing...");
0ec3aec7 590 my ($s, @b) = $self->_where_unary_op ($op, $v);
591
592 # top level vs nested
593 # we assume that handled unary ops will take care of their ()s
594 $s = "($s)" unless (
595 List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}
596 or
597 defined($self->{_nested_func_lhs}) && ($self->{_nested_func_lhs} eq $k)
598 );
599 ($s, @b);
2281c758 600 }
601 else {
602 my $method = $self->_METHOD_FOR_refkind("_where_hashpair", $v);
603 $self->$method($k, $v);
604 }
605 };
96449e8e 606
607 push @sql_clauses, $sql;
608 push @all_bind, @bind;
609 }
610
611 return $self->_join_sql_clauses('and', \@sql_clauses, \@all_bind);
612}
613
0ec3aec7 614sub _where_unary_op {
2281c758 615 my ($self, $op, $rhs) = @_;
96449e8e 616
0ec3aec7 617 if (my $op_entry = List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}) {
618 my $handler = $op_entry->{handler};
619
620 if (not ref $handler) {
621 if ($op =~ s/ [_\s]? \d+ $//x ) {
622 belch 'Use of [and|or|nest]_N modifiers is deprecated and will be removed in SQLA v2.0. '
623 . "You probably wanted ...-and => [ -$op => COND1, -$op => COND2 ... ]";
624 }
625 return $self->$handler ($op, $rhs);
626 }
627 elsif (ref $handler eq 'CODE') {
628 return $handler->($self, $op, $rhs);
629 }
630 else {
631 puke "Illegal handler for operator $op - expecting a method name or a coderef";
632 }
633 }
634
3d86e3b1 635 $self->_debug("Generic unary OP: $op - recursing as function");
0ec3aec7 636
170e6c33 637 $self->_assert_pass_injection_guard($op);
b6251592 638
2281c758 639 my ($sql, @bind) = $self->_SWITCH_refkind ($rhs, {
640 SCALAR => sub {
a7661cfc 641 puke "Illegal use of top-level '$op'"
642 unless $self->{_nested_func_lhs};
643
644 return (
645 $self->_convert('?'),
646 $self->_bindtype($self->{_nested_func_lhs}, $rhs)
647 );
2281c758 648 },
649 FALLBACK => sub {
650 $self->_recurse_where ($rhs)
651 },
652 });
96449e8e 653
953d164e 654 $sql = sprintf ('%s %s',
2281c758 655 $self->_sqlcase($op),
953d164e 656 $sql,
2281c758 657 );
96449e8e 658
2281c758 659 return ($sql, @bind);
97a920ef 660}
661
662sub _where_op_ANDOR {
2281c758 663 my ($self, $op, $v) = @_;
97a920ef 664
665 $self->_SWITCH_refkind($v, {
666 ARRAYREF => sub {
667 return $self->_where_ARRAYREF($v, $op);
668 },
669
670 HASHREF => sub {
59f23b3d 671 return ( $op =~ /^or/i )
97a920ef 672 ? $self->_where_ARRAYREF( [ map { $_ => $v->{$_} } ( sort keys %$v ) ], $op )
673 : $self->_where_HASHREF($v);
674 },
675
9d48860e 676 SCALARREF => sub {
48d9f5f8 677 puke "-$op => \\\$scalar makes little sense, use " .
a0d6d323 678 ($op =~ /^or/i
48d9f5f8 679 ? '[ \$scalar, \%rest_of_conditions ] instead'
680 : '-and => [ \$scalar, \%rest_of_conditions ] instead'
681 );
97a920ef 682 },
683
684 ARRAYREFREF => sub {
48d9f5f8 685 puke "-$op => \\[...] makes little sense, use " .
a0d6d323 686 ($op =~ /^or/i
48d9f5f8 687 ? '[ \[...], \%rest_of_conditions ] instead'
688 : '-and => [ \[...], \%rest_of_conditions ] instead'
689 );
97a920ef 690 },
691
692 SCALAR => sub { # permissively interpreted as SQL
48d9f5f8 693 puke "-$op => \$value makes little sense, use -bool => \$value instead";
97a920ef 694 },
695
696 UNDEF => sub {
697 puke "-$op => undef not supported";
698 },
699 });
700}
701
702sub _where_op_NEST {
9d48860e 703 my ($self, $op, $v) = @_;
97a920ef 704
96449e8e 705 $self->_SWITCH_refkind($v, {
706
96449e8e 707 SCALAR => sub { # permissively interpreted as SQL
01a01e57 708 belch "literal SQL should be -nest => \\'scalar' "
709 . "instead of -nest => 'scalar' ";
9d48860e 710 return ($v);
96449e8e 711 },
712
713 UNDEF => sub {
714 puke "-$op => undef not supported";
715 },
e9501094 716
717 FALLBACK => sub {
718 $self->_recurse_where ($v);
719 },
720
96449e8e 721 });
722}
723
724
97a920ef 725sub _where_op_BOOL {
9d48860e 726 my ($self, $op, $v) = @_;
97a920ef 727
b8db59b8 728 my ($s, @b) = $self->_SWITCH_refkind($v, {
729 SCALAR => sub { # interpreted as SQL column
730 $self->_convert($self->_quote($v));
731 },
ef03f1bc 732
b8db59b8 733 UNDEF => sub {
734 puke "-$op => undef not supported";
735 },
97a920ef 736
b8db59b8 737 FALLBACK => sub {
738 $self->_recurse_where ($v);
739 },
740 });
ef03f1bc 741
b8db59b8 742 $s = "(NOT $s)" if $op =~ /^not/i;
743 ($s, @b);
97a920ef 744}
745
746
cc422895 747sub _where_op_IDENT {
748 my $self = shift;
749 my ($op, $rhs) = splice @_, -2;
8aa76984 750 if (! defined $rhs or length ref $rhs) {
751 puke "-$op requires a single plain scalar argument (a quotable identifier)";
cc422895 752 }
753
754 # in case we are called as a top level special op (no '=')
755 my $lhs = shift;
756
757 $_ = $self->_convert($self->_quote($_)) for ($lhs, $rhs);
758
759 return $lhs
760 ? "$lhs = $rhs"
761 : $rhs
762 ;
763}
764
765sub _where_op_VALUE {
766 my $self = shift;
767 my ($op, $rhs) = splice @_, -2;
768
769 # in case we are called as a top level special op (no '=')
770 my $lhs = shift;
771
422ed2de 772 # special-case NULL
773 if (! defined $rhs) {
774 return $lhs
775 ? $self->_convert($self->_quote($lhs)) . ' IS NULL'
776 : undef
777 ;
778 }
779
cc422895 780 my @bind =
781 $self->_bindtype (
782 ($lhs || $self->{_nested_func_lhs}),
783 $rhs,
784 )
785 ;
786
787 return $lhs
788 ? (
789 $self->_convert($self->_quote($lhs)) . ' = ' . $self->_convert('?'),
790 @bind
791 )
792 : (
793 $self->_convert('?'),
794 @bind,
795 )
796 ;
797}
798
96449e8e 799sub _where_hashpair_ARRAYREF {
800 my ($self, $k, $v) = @_;
801
802 if( @$v ) {
803 my @v = @$v; # need copy because of shift below
804 $self->_debug("ARRAY($k) means distribute over elements");
805
806 # put apart first element if it is an operator (-and, -or)
e3cecb45 807 my $op = (
808 (defined $v[0] && $v[0] =~ /^ - (?: AND|OR ) $/ix)
809 ? shift @v
810 : ''
04d940de 811 );
96449e8e 812 my @distributed = map { {$k => $_} } @v;
04d940de 813
814 if ($op) {
815 $self->_debug("OP($op) reinjected into the distributed array");
816 unshift @distributed, $op;
817 }
818
f67591bf 819 my $logic = $op ? substr($op, 1) : '';
96449e8e 820
f67591bf 821 return $self->_recurse_where(\@distributed, $logic);
9d48860e 822 }
96449e8e 823 else {
96449e8e 824 $self->_debug("empty ARRAY($k) means 0=1");
825 return ($self->{sqlfalse});
826 }
827}
828
829sub _where_hashpair_HASHREF {
eb49170d 830 my ($self, $k, $v, $logic) = @_;
831 $logic ||= 'and';
96449e8e 832
a7661cfc 833 local $self->{_nested_func_lhs} = $self->{_nested_func_lhs};
a7661cfc 834
eb49170d 835 my ($all_sql, @all_bind);
96449e8e 836
a47b433a 837 for my $orig_op (sort keys %$v) {
838 my $val = $v->{$orig_op};
96449e8e 839
840 # put the operator in canonical form
a47b433a 841 my $op = $orig_op;
b8db59b8 842
843 # FIXME - we need to phase out dash-less ops
844 $op =~ s/^-//; # remove possible initial dash
a47b433a 845 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 846 $op =~ s/\s+/ /g; # compress whitespace
847
170e6c33 848 $self->_assert_pass_injection_guard($op);
b6251592 849
b9b5a0b1 850 # fixup is_not
851 $op =~ s/^is_not/IS NOT/i;
852
b8db59b8 853 # so that -not_foo works correctly
854 $op =~ s/^not_/NOT /i;
96449e8e 855
422ed2de 856 # another retarded special case: foo => { $op => { -value => undef } }
857 if (ref $val eq 'HASH' and keys %$val == 1 and exists $val->{-value} and ! defined $val->{-value} ) {
858 $val = undef;
859 }
860
96449e8e 861 my ($sql, @bind);
862
2281c758 863 # CASE: col-value logic modifiers
864 if ( $orig_op =~ /^ \- (and|or) $/xi ) {
865 ($sql, @bind) = $self->_where_hashpair_HASHREF($k, $val, $1);
866 }
96449e8e 867 # CASE: special operators like -in or -between
312d830b 868 elsif ( my $special_op = List::Util::first {$op =~ $_->{regex}} @{$self->{special_ops}} ) {
3a2e1a5e 869 my $handler = $special_op->{handler};
870 if (! $handler) {
a47b433a 871 puke "No handler supplied for special operator $orig_op";
3a2e1a5e 872 }
873 elsif (not ref $handler) {
874 ($sql, @bind) = $self->$handler ($k, $op, $val);
875 }
876 elsif (ref $handler eq 'CODE') {
877 ($sql, @bind) = $handler->($self, $k, $op, $val);
878 }
879 else {
a47b433a 880 puke "Illegal handler for special operator $orig_op - expecting a method name or a coderef";
3a2e1a5e 881 }
96449e8e 882 }
96449e8e 883 else {
cf838930 884 $self->_SWITCH_refkind($val, {
885
886 ARRAYREF => sub { # CASE: col => {op => \@vals}
887 ($sql, @bind) = $self->_where_field_op_ARRAYREF($k, $op, $val);
888 },
889
fe3ae272 890 ARRAYREFREF => sub { # CASE: col => {op => \[$sql, @bind]} (literal SQL with bind)
b3be7bd0 891 my ($sub_sql, @sub_bind) = @$$val;
fe3ae272 892 $self->_assert_bindval_matches_bindtype(@sub_bind);
b3be7bd0 893 $sql = join ' ', $self->_convert($self->_quote($k)),
894 $self->_sqlcase($op),
895 $sub_sql;
fe3ae272 896 @bind = @sub_bind;
b3be7bd0 897 },
898
cf838930 899 UNDEF => sub { # CASE: col => {op => undef} : sql "IS (NOT)? NULL"
3cdadcbe 900 my $is =
40f2f231 901 $op =~ /^not$/i ? 'is not' # legacy
902 : $op =~ $self->{equality_op} ? 'is'
3cdadcbe 903 : $op =~ $self->{like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is'
904 : $op =~ $self->{inequality_op} ? 'is not'
905 : $op =~ $self->{not_like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is not'
906 : puke "unexpected operator '$orig_op' with undef operand";
907
cf838930 908 $sql = $self->_quote($k) . $self->_sqlcase(" $is null");
909 },
a47b433a 910
2281c758 911 FALLBACK => sub { # CASE: col => {op/func => $stuff}
07936978 912
953d164e 913 # retain for proper column type bind
914 $self->{_nested_func_lhs} ||= $k;
07936978 915
0ec3aec7 916 ($sql, @bind) = $self->_where_unary_op ($op, $val);
953d164e 917
918 $sql = join (' ',
919 $self->_convert($self->_quote($k)),
920 $self->{_nested_func_lhs} eq $k ? $sql : "($sql)", # top level vs nested
921 );
cf838930 922 },
923 });
96449e8e 924 }
925
eb49170d 926 ($all_sql) = (defined $all_sql and $all_sql) ? $self->_join_sql_clauses($logic, [$all_sql, $sql], []) : $sql;
96449e8e 927 push @all_bind, @bind;
928 }
eb49170d 929 return ($all_sql, @all_bind);
96449e8e 930}
931
b9b5a0b1 932sub _where_field_IS {
933 my ($self, $k, $op, $v) = @_;
934
935 my ($s) = $self->_SWITCH_refkind($v, {
936 UNDEF => sub {
937 join ' ',
938 $self->_convert($self->_quote($k)),
939 map { $self->_sqlcase($_)} ($op, 'null')
940 },
941 FALLBACK => sub {
942 puke "$op can only take undef as argument";
943 },
944 });
96449e8e 945
b9b5a0b1 946 $s;
947}
96449e8e 948
949sub _where_field_op_ARRAYREF {
950 my ($self, $k, $op, $vals) = @_;
951
ce261791 952 my @vals = @$vals; #always work on a copy
953
954 if(@vals) {
bd6a65ca 955 $self->_debug(sprintf '%s means multiple elements: [ %s ]',
956 $vals,
957 join (', ', map { defined $_ ? "'$_'" : 'NULL' } @vals ),
958 );
96449e8e 959
4030915f 960 # see if the first element is an -and/-or op
961 my $logic;
bd6a65ca 962 if (defined $vals[0] && $vals[0] =~ /^ - ( AND|OR ) $/ix) {
4030915f 963 $logic = uc $1;
ce261791 964 shift @vals;
4030915f 965 }
966
3cdadcbe 967 # a long standing API wart - an attempt to change this behavior during
968 # the 1.50 series failed *spectacularly*. Warn instead and leave the
969 # behavior as is
970 if (
971 @vals > 1
972 and
973 (!$logic or $logic eq 'OR')
974 and
975 ( $op =~ $self->{inequality_op} or $op =~ $self->{not_like_op} )
976 ) {
977 my $o = uc($op);
978 belch "A multi-element arrayref as an argument to the inequality op '$o' "
979 . 'is technically equivalent to an always-true 1=1 (you probably wanted '
980 . "to say ...{ \$inequality_op => [ -and => \@values ] }... instead)"
981 ;
982 }
983
ce261791 984 # distribute $op over each remaining member of @vals, append logic if exists
985 return $self->_recurse_where([map { {$k => {$op, $_}} } @vals], $logic);
4030915f 986
9d48860e 987 }
96449e8e 988 else {
9d48860e 989 # try to DWIM on equality operators
3cdadcbe 990 return
991 $op =~ $self->{equality_op} ? $self->{sqlfalse}
992 : $op =~ $self->{like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqlfalse}
993 : $op =~ $self->{inequality_op} ? $self->{sqltrue}
994 : $op =~ $self->{not_like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqltrue}
995 : puke "operator '$op' applied on an empty array (field '$k')";
96449e8e 996 }
997}
998
999
1000sub _where_hashpair_SCALARREF {
1001 my ($self, $k, $v) = @_;
1002 $self->_debug("SCALAR($k) means literal SQL: $$v");
1003 my $sql = $self->_quote($k) . " " . $$v;
1004 return ($sql);
1005}
1006
fe3ae272 1007# literal SQL with bind
96449e8e 1008sub _where_hashpair_ARRAYREFREF {
1009 my ($self, $k, $v) = @_;
1010 $self->_debug("REF($k) means literal SQL: @${$v}");
c94a6c93 1011 my ($sql, @bind) = @$$v;
fe3ae272 1012 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1013 $sql = $self->_quote($k) . " " . $sql;
96449e8e 1014 return ($sql, @bind );
1015}
1016
fe3ae272 1017# literal SQL without bind
96449e8e 1018sub _where_hashpair_SCALAR {
1019 my ($self, $k, $v) = @_;
1020 $self->_debug("NOREF($k) means simple key=val: $k $self->{cmp} $v");
9d48860e 1021 my $sql = join ' ', $self->_convert($self->_quote($k)),
1022 $self->_sqlcase($self->{cmp}),
96449e8e 1023 $self->_convert('?');
1024 my @bind = $self->_bindtype($k, $v);
1025 return ( $sql, @bind);
1026}
1027
1028
1029sub _where_hashpair_UNDEF {
1030 my ($self, $k, $v) = @_;
1031 $self->_debug("UNDEF($k) means IS NULL");
1032 my $sql = $self->_quote($k) . $self->_sqlcase(' is null');
1033 return ($sql);
1034}
1035
1036#======================================================================
1037# WHERE: TOP-LEVEL OTHERS (SCALARREF, SCALAR, UNDEF)
1038#======================================================================
1039
1040
1041sub _where_SCALARREF {
1042 my ($self, $where) = @_;
1043
1044 # literal sql
1045 $self->_debug("SCALAR(*top) means literal SQL: $$where");
1046 return ($$where);
1047}
1048
1049
1050sub _where_SCALAR {
1051 my ($self, $where) = @_;
1052
1053 # literal sql
1054 $self->_debug("NOREF(*top) means literal SQL: $where");
1055 return ($where);
1056}
1057
1058
1059sub _where_UNDEF {
1060 my ($self) = @_;
1061 return ();
1062}
1063
1064
1065#======================================================================
1066# WHERE: BUILTIN SPECIAL OPERATORS (-in, -between)
1067#======================================================================
1068
1069
1070sub _where_field_BETWEEN {
1071 my ($self, $k, $op, $vals) = @_;
1072
4d8b3dc4 1073 my ($label, $and, $placeholder);
cf02fc47 1074 $label = $self->_convert($self->_quote($k));
1075 $and = ' ' . $self->_sqlcase('and') . ' ';
1076 $placeholder = $self->_convert('?');
96449e8e 1077 $op = $self->_sqlcase($op);
1078
7f54040f 1079 my $invalid_args = "Operator '$op' requires either an arrayref with two defined values or expressions, or a single literal scalarref/arrayref-ref";
1080
4d8b3dc4 1081 my ($clause, @bind) = $self->_SWITCH_refkind($vals, {
1082 ARRAYREFREF => sub {
c94a6c93 1083 my ($s, @b) = @$$vals;
1084 $self->_assert_bindval_matches_bindtype(@b);
1085 ($s, @b);
4d8b3dc4 1086 },
1087 SCALARREF => sub {
1088 return $$vals;
1089 },
1090 ARRAYREF => sub {
7f54040f 1091 puke $invalid_args if @$vals != 2;
4d8b3dc4 1092
1093 my (@all_sql, @all_bind);
1094 foreach my $val (@$vals) {
1095 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1096 SCALAR => sub {
5e5cbf51 1097 return ($placeholder, $self->_bindtype($k, $val) );
4d8b3dc4 1098 },
1099 SCALARREF => sub {
0336eddb 1100 return $$val;
4d8b3dc4 1101 },
1102 ARRAYREFREF => sub {
1103 my ($sql, @bind) = @$$val;
c94a6c93 1104 $self->_assert_bindval_matches_bindtype(@bind);
0336eddb 1105 return ($sql, @bind);
4d8b3dc4 1106 },
0336eddb 1107 HASHREF => sub {
1108 my ($func, $arg, @rest) = %$val;
1109 puke ("Only simple { -func => arg } functions accepted as sub-arguments to BETWEEN")
1110 if (@rest or $func !~ /^ \- (.+)/x);
1111 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1112 $self->_where_unary_op ($1 => $arg);
7f54040f 1113 },
1114 FALLBACK => sub {
1115 puke $invalid_args,
1116 },
4d8b3dc4 1117 });
1118 push @all_sql, $sql;
1119 push @all_bind, @bind;
1120 }
1121
1122 return (
1123 (join $and, @all_sql),
5e5cbf51 1124 @all_bind
4d8b3dc4 1125 );
1126 },
1127 FALLBACK => sub {
7f54040f 1128 puke $invalid_args,
4d8b3dc4 1129 },
1130 });
cf02fc47 1131
cf02fc47 1132 my $sql = "( $label $op $clause )";
96449e8e 1133 return ($sql, @bind)
1134}
1135
1136
1137sub _where_field_IN {
1138 my ($self, $k, $op, $vals) = @_;
1139
1140 # backwards compatibility : if scalar, force into an arrayref
1141 $vals = [$vals] if defined $vals && ! ref $vals;
1142
96449e8e 1143 my ($label) = $self->_convert($self->_quote($k));
1144 my ($placeholder) = $self->_convert('?');
96449e8e 1145 $op = $self->_sqlcase($op);
1146
8a0d798a 1147 my ($sql, @bind) = $self->_SWITCH_refkind($vals, {
1148 ARRAYREF => sub { # list of choices
1149 if (@$vals) { # nonempty list
0336eddb 1150 my (@all_sql, @all_bind);
1151
1152 for my $val (@$vals) {
1153 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1154 SCALAR => sub {
1155 return ($placeholder, $val);
1156 },
1157 SCALARREF => sub {
1158 return $$val;
1159 },
1160 ARRAYREFREF => sub {
1161 my ($sql, @bind) = @$$val;
1162 $self->_assert_bindval_matches_bindtype(@bind);
1163 return ($sql, @bind);
1164 },
1165 HASHREF => sub {
1166 my ($func, $arg, @rest) = %$val;
1167 puke ("Only simple { -func => arg } functions accepted as sub-arguments to IN")
1168 if (@rest or $func !~ /^ \- (.+)/x);
1169 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1170 $self->_where_unary_op ($1 => $arg);
279eb282 1171 },
1172 UNDEF => sub {
032dfe20 1173 puke(
1174 'SQL::Abstract before v1.75 used to generate incorrect SQL when the '
1175 . "-$op operator was given an undef-containing list: !!!AUDIT YOUR CODE "
1176 . 'AND DATA!!! (the upcoming Data::Query-based version of SQL::Abstract '
1177 . 'will emit the logically correct SQL instead of raising this exception)'
1178 );
279eb282 1179 },
0336eddb 1180 });
1181 push @all_sql, $sql;
1182 push @all_bind, @bind;
1183 }
96449e8e 1184
88a89939 1185 return (
1186 sprintf ('%s %s ( %s )',
1187 $label,
1188 $op,
1189 join (', ', @all_sql)
1190 ),
1191 $self->_bindtype($k, @all_bind),
0336eddb 1192 );
8a0d798a 1193 }
1194 else { # empty list : some databases won't understand "IN ()", so DWIM
1195 my $sql = ($op =~ /\bnot\b/i) ? $self->{sqltrue} : $self->{sqlfalse};
1196 return ($sql);
1197 }
1198 },
1199
4a1f01a3 1200 SCALARREF => sub { # literal SQL
1201 my $sql = $self->_open_outer_paren ($$vals);
1202 return ("$label $op ( $sql )");
1203 },
8a0d798a 1204 ARRAYREFREF => sub { # literal SQL with bind
1205 my ($sql, @bind) = @$$vals;
fe3ae272 1206 $self->_assert_bindval_matches_bindtype(@bind);
4a1f01a3 1207 $sql = $self->_open_outer_paren ($sql);
8a0d798a 1208 return ("$label $op ( $sql )", @bind);
1209 },
1210
ff8ca6b4 1211 UNDEF => sub {
1212 puke "Argument passed to the '$op' operator can not be undefined";
1213 },
1214
8a0d798a 1215 FALLBACK => sub {
ff8ca6b4 1216 puke "special op $op requires an arrayref (or scalarref/arrayref-ref)";
8a0d798a 1217 },
1218 });
1219
1220 return ($sql, @bind);
96449e8e 1221}
1222
4a1f01a3 1223# Some databases (SQLite) treat col IN (1, 2) different from
1224# col IN ( (1, 2) ). Use this to strip all outer parens while
1225# adding them back in the corresponding method
1226sub _open_outer_paren {
1227 my ($self, $sql) = @_;
171a709f 1228 $sql = $1 while $sql =~ /^ \s* \( (.*) \) \s* $/xs;
4a1f01a3 1229 return $sql;
1230}
1231
96449e8e 1232
96449e8e 1233#======================================================================
1234# ORDER BY
1235#======================================================================
1236
1237sub _order_by {
1238 my ($self, $arg) = @_;
1239
f267b646 1240 my (@sql, @bind);
1241 for my $c ($self->_order_by_chunks ($arg) ) {
1242 $self->_SWITCH_refkind ($c, {
1243 SCALAR => sub { push @sql, $c },
1244 ARRAYREF => sub { push @sql, shift @$c; push @bind, @$c },
1245 });
1246 }
1247
1248 my $sql = @sql
1249 ? sprintf ('%s %s',
1250 $self->_sqlcase(' order by'),
1251 join (', ', @sql)
1252 )
1253 : ''
1254 ;
1255
1256 return wantarray ? ($sql, @bind) : $sql;
1257}
1258
1259sub _order_by_chunks {
1260 my ($self, $arg) = @_;
1261
1262 return $self->_SWITCH_refkind($arg, {
96449e8e 1263
1264 ARRAYREF => sub {
f267b646 1265 map { $self->_order_by_chunks ($_ ) } @$arg;
96449e8e 1266 },
1267
c94a6c93 1268 ARRAYREFREF => sub {
1269 my ($s, @b) = @$$arg;
1270 $self->_assert_bindval_matches_bindtype(@b);
1271 [ $s, @b ];
1272 },
f267b646 1273
96449e8e 1274 SCALAR => sub {$self->_quote($arg)},
f267b646 1275
1276 UNDEF => sub {return () },
1277
96449e8e 1278 SCALARREF => sub {$$arg}, # literal SQL, no quoting
96449e8e 1279
f267b646 1280 HASHREF => sub {
5e436130 1281 # get first pair in hash
1282 my ($key, $val, @rest) = %$arg;
1283
1284 return () unless $key;
1285
1286 if ( @rest or not $key =~ /^-(desc|asc)/i ) {
1287 puke "hash passed to _order_by must have exactly one key (-desc or -asc)";
f267b646 1288 }
5e436130 1289
1290 my $direction = $1;
96449e8e 1291
e9bd3547 1292 my @ret;
f267b646 1293 for my $c ($self->_order_by_chunks ($val)) {
e9bd3547 1294 my ($sql, @bind);
96449e8e 1295
f267b646 1296 $self->_SWITCH_refkind ($c, {
1297 SCALAR => sub {
e9bd3547 1298 $sql = $c;
f267b646 1299 },
1300 ARRAYREF => sub {
e9bd3547 1301 ($sql, @bind) = @$c;
f267b646 1302 },
1303 });
96449e8e 1304
5e436130 1305 $sql = $sql . ' ' . $self->_sqlcase($direction);
96449e8e 1306
e9bd3547 1307 push @ret, [ $sql, @bind];
1308 }
96449e8e 1309
e9bd3547 1310 return @ret;
f267b646 1311 },
1312 });
96449e8e 1313}
1314
1315
96449e8e 1316#======================================================================
1317# DATASOURCE (FOR NOW, JUST PLAIN TABLE OR LIST OF TABLES)
1318#======================================================================
1319
1320sub _table {
1321 my $self = shift;
1322 my $from = shift;
1323 $self->_SWITCH_refkind($from, {
1324 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$from;},
1325 SCALAR => sub {$self->_quote($from)},
1326 SCALARREF => sub {$$from},
96449e8e 1327 });
1328}
1329
1330
1331#======================================================================
1332# UTILITY FUNCTIONS
1333#======================================================================
1334
955e77ca 1335# highly optimized, as it's called way too often
96449e8e 1336sub _quote {
955e77ca 1337 # my ($self, $label) = @_;
96449e8e 1338
955e77ca 1339 return '' unless defined $_[1];
955e77ca 1340 return ${$_[1]} if ref($_[1]) eq 'SCALAR';
96449e8e 1341
b6251592 1342 unless ($_[0]->{quote_char}) {
170e6c33 1343 $_[0]->_assert_pass_injection_guard($_[1]);
b6251592 1344 return $_[1];
1345 }
96449e8e 1346
07d7c35c 1347 my $qref = ref $_[0]->{quote_char};
955e77ca 1348 my ($l, $r);
07d7c35c 1349 if (!$qref) {
1350 ($l, $r) = ( $_[0]->{quote_char}, $_[0]->{quote_char} );
955e77ca 1351 }
07d7c35c 1352 elsif ($qref eq 'ARRAY') {
1353 ($l, $r) = @{$_[0]->{quote_char}};
955e77ca 1354 }
1355 else {
1356 puke "Unsupported quote_char format: $_[0]->{quote_char}";
1357 }
46be4313 1358 my $esc = $_[0]->{escape_char} || $r;
96449e8e 1359
07d7c35c 1360 # parts containing * are naturally unquoted
1361 return join( $_[0]->{name_sep}||'', map
46be4313 1362 { $_ eq '*' ? $_ : do { (my $n = $_) =~ s/(\Q$esc\E|\Q$r\E)/$esc$1/g; $l . $n . $r } }
955e77ca 1363 ( $_[0]->{name_sep} ? split (/\Q$_[0]->{name_sep}\E/, $_[1] ) : $_[1] )
1364 );
96449e8e 1365}
1366
1367
1368# Conversion, if applicable
1369sub _convert ($) {
07d7c35c 1370 #my ($self, $arg) = @_;
07d7c35c 1371 if ($_[0]->{convert}) {
1372 return $_[0]->_sqlcase($_[0]->{convert}) .'(' . $_[1] . ')';
96449e8e 1373 }
07d7c35c 1374 return $_[1];
96449e8e 1375}
1376
1377# And bindtype
1378sub _bindtype (@) {
07d7c35c 1379 #my ($self, $col, @vals) = @_;
07d7c35c 1380 # called often - tighten code
1381 return $_[0]->{bindtype} eq 'columns'
1382 ? map {[$_[1], $_]} @_[2 .. $#_]
1383 : @_[2 .. $#_]
1384 ;
96449e8e 1385}
1386
fe3ae272 1387# Dies if any element of @bind is not in [colname => value] format
1388# if bindtype is 'columns'.
1389sub _assert_bindval_matches_bindtype {
c94a6c93 1390# my ($self, @bind) = @_;
1391 my $self = shift;
fe3ae272 1392 if ($self->{bindtype} eq 'columns') {
c94a6c93 1393 for (@_) {
1394 if (!defined $_ || ref($_) ne 'ARRAY' || @$_ != 2) {
3a06278c 1395 puke "bindtype 'columns' selected, you need to pass: [column_name => bind_value]"
fe3ae272 1396 }
1397 }
1398 }
1399}
1400
96449e8e 1401sub _join_sql_clauses {
1402 my ($self, $logic, $clauses_aref, $bind_aref) = @_;
1403
1404 if (@$clauses_aref > 1) {
1405 my $join = " " . $self->_sqlcase($logic) . " ";
1406 my $sql = '( ' . join($join, @$clauses_aref) . ' )';
1407 return ($sql, @$bind_aref);
1408 }
1409 elsif (@$clauses_aref) {
1410 return ($clauses_aref->[0], @$bind_aref); # no parentheses
1411 }
1412 else {
1413 return (); # if no SQL, ignore @$bind_aref
1414 }
1415}
1416
1417
1418# Fix SQL case, if so requested
1419sub _sqlcase {
96449e8e 1420 # LDNOTE: if $self->{case} is true, then it contains 'lower', so we
1421 # don't touch the argument ... crooked logic, but let's not change it!
07d7c35c 1422 return $_[0]->{case} ? $_[1] : uc($_[1]);
96449e8e 1423}
1424
1425
1426#======================================================================
1427# DISPATCHING FROM REFKIND
1428#======================================================================
1429
1430sub _refkind {
1431 my ($self, $data) = @_;
96449e8e 1432
955e77ca 1433 return 'UNDEF' unless defined $data;
1434
1435 # blessed objects are treated like scalars
1436 my $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1437
1438 return 'SCALAR' unless $ref;
1439
1440 my $n_steps = 1;
1441 while ($ref eq 'REF') {
96449e8e 1442 $data = $$data;
955e77ca 1443 $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1444 $n_steps++ if $ref;
96449e8e 1445 }
1446
848556bc 1447 return ($ref||'SCALAR') . ('REF' x $n_steps);
96449e8e 1448}
1449
1450sub _try_refkind {
1451 my ($self, $data) = @_;
1452 my @try = ($self->_refkind($data));
1453 push @try, 'SCALAR_or_UNDEF' if $try[0] eq 'SCALAR' || $try[0] eq 'UNDEF';
1454 push @try, 'FALLBACK';
955e77ca 1455 return \@try;
96449e8e 1456}
1457
1458sub _METHOD_FOR_refkind {
1459 my ($self, $meth_prefix, $data) = @_;
f39eaa60 1460
1461 my $method;
955e77ca 1462 for (@{$self->_try_refkind($data)}) {
f39eaa60 1463 $method = $self->can($meth_prefix."_".$_)
1464 and last;
1465 }
1466
1467 return $method || puke "cannot dispatch on '$meth_prefix' for ".$self->_refkind($data);
96449e8e 1468}
1469
1470
1471sub _SWITCH_refkind {
1472 my ($self, $data, $dispatch_table) = @_;
1473
f39eaa60 1474 my $coderef;
955e77ca 1475 for (@{$self->_try_refkind($data)}) {
f39eaa60 1476 $coderef = $dispatch_table->{$_}
1477 and last;
1478 }
1479
1480 puke "no dispatch entry for ".$self->_refkind($data)
1481 unless $coderef;
1482
96449e8e 1483 $coderef->();
1484}
1485
1486
1487
1488
1489#======================================================================
1490# VALUES, GENERATE, AUTOLOAD
1491#======================================================================
1492
1493# LDNOTE: original code from nwiger, didn't touch code in that section
1494# I feel the AUTOLOAD stuff should not be the default, it should
1495# only be activated on explicit demand by user.
1496
1497sub values {
1498 my $self = shift;
1499 my $data = shift || return;
1500 puke "Argument to ", __PACKAGE__, "->values must be a \\%hash"
1501 unless ref $data eq 'HASH';
bab725ce 1502
1503 my @all_bind;
1504 foreach my $k ( sort keys %$data ) {
1505 my $v = $data->{$k};
1506 $self->_SWITCH_refkind($v, {
9d48860e 1507 ARRAYREF => sub {
bab725ce 1508 if ($self->{array_datatypes}) { # array datatype
1509 push @all_bind, $self->_bindtype($k, $v);
1510 }
1511 else { # literal SQL with bind
1512 my ($sql, @bind) = @$v;
1513 $self->_assert_bindval_matches_bindtype(@bind);
1514 push @all_bind, @bind;
1515 }
1516 },
1517 ARRAYREFREF => sub { # literal SQL with bind
1518 my ($sql, @bind) = @${$v};
1519 $self->_assert_bindval_matches_bindtype(@bind);
1520 push @all_bind, @bind;
1521 },
1522 SCALARREF => sub { # literal SQL without bind
1523 },
1524 SCALAR_or_UNDEF => sub {
1525 push @all_bind, $self->_bindtype($k, $v);
1526 },
1527 });
1528 }
1529
1530 return @all_bind;
96449e8e 1531}
1532
1533sub generate {
1534 my $self = shift;
1535
1536 my(@sql, @sqlq, @sqlv);
1537
1538 for (@_) {
1539 my $ref = ref $_;
1540 if ($ref eq 'HASH') {
1541 for my $k (sort keys %$_) {
1542 my $v = $_->{$k};
1543 my $r = ref $v;
1544 my $label = $self->_quote($k);
1545 if ($r eq 'ARRAY') {
fe3ae272 1546 # literal SQL with bind
1547 my ($sql, @bind) = @$v;
1548 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1549 push @sqlq, "$label = $sql";
fe3ae272 1550 push @sqlv, @bind;
96449e8e 1551 } elsif ($r eq 'SCALAR') {
fe3ae272 1552 # literal SQL without bind
96449e8e 1553 push @sqlq, "$label = $$v";
9d48860e 1554 } else {
96449e8e 1555 push @sqlq, "$label = ?";
1556 push @sqlv, $self->_bindtype($k, $v);
1557 }
1558 }
1559 push @sql, $self->_sqlcase('set'), join ', ', @sqlq;
1560 } elsif ($ref eq 'ARRAY') {
1561 # unlike insert(), assume these are ONLY the column names, i.e. for SQL
1562 for my $v (@$_) {
1563 my $r = ref $v;
fe3ae272 1564 if ($r eq 'ARRAY') { # literal SQL with bind
1565 my ($sql, @bind) = @$v;
1566 $self->_assert_bindval_matches_bindtype(@bind);
1567 push @sqlq, $sql;
1568 push @sqlv, @bind;
1569 } elsif ($r eq 'SCALAR') { # literal SQL without bind
96449e8e 1570 # embedded literal SQL
1571 push @sqlq, $$v;
9d48860e 1572 } else {
96449e8e 1573 push @sqlq, '?';
1574 push @sqlv, $v;
1575 }
1576 }
1577 push @sql, '(' . join(', ', @sqlq) . ')';
1578 } elsif ($ref eq 'SCALAR') {
1579 # literal SQL
1580 push @sql, $$_;
1581 } else {
1582 # strings get case twiddled
1583 push @sql, $self->_sqlcase($_);
1584 }
1585 }
1586
1587 my $sql = join ' ', @sql;
1588
1589 # this is pretty tricky
1590 # if ask for an array, return ($stmt, @bind)
1591 # otherwise, s/?/shift @sqlv/ to put it inline
1592 if (wantarray) {
1593 return ($sql, @sqlv);
1594 } else {
1595 1 while $sql =~ s/\?/my $d = shift(@sqlv);
1596 ref $d ? $d->[1] : $d/e;
1597 return $sql;
1598 }
1599}
1600
1601
1602sub DESTROY { 1 }
1603
1604sub AUTOLOAD {
1605 # This allows us to check for a local, then _form, attr
1606 my $self = shift;
1607 my($name) = $AUTOLOAD =~ /.*::(.+)/;
1608 return $self->generate($name, @_);
1609}
1610
16111;
1612
1613
1614
1615__END__
32eab2da 1616
1617=head1 NAME
1618
1619SQL::Abstract - Generate SQL from Perl data structures
1620
1621=head1 SYNOPSIS
1622
1623 use SQL::Abstract;
1624
1625 my $sql = SQL::Abstract->new;
1626
521647e7 1627 my($stmt, @bind) = $sql->select($source, \@fields, \%where, \@order);
32eab2da 1628
1629 my($stmt, @bind) = $sql->insert($table, \%fieldvals || \@values);
1630
1631 my($stmt, @bind) = $sql->update($table, \%fieldvals, \%where);
1632
1633 my($stmt, @bind) = $sql->delete($table, \%where);
1634
1635 # Then, use these in your DBI statements
1636 my $sth = $dbh->prepare($stmt);
1637 $sth->execute(@bind);
1638
1639 # Just generate the WHERE clause
abe72f94 1640 my($stmt, @bind) = $sql->where(\%where, \@order);
32eab2da 1641
1642 # Return values in the same order, for hashed queries
1643 # See PERFORMANCE section for more details
1644 my @bind = $sql->values(\%fieldvals);
1645
1646=head1 DESCRIPTION
1647
1648This module was inspired by the excellent L<DBIx::Abstract>.
1649However, in using that module I found that what I really wanted
1650to do was generate SQL, but still retain complete control over my
1651statement handles and use the DBI interface. So, I set out to
1652create an abstract SQL generation module.
1653
1654While based on the concepts used by L<DBIx::Abstract>, there are
1655several important differences, especially when it comes to WHERE
1656clauses. I have modified the concepts used to make the SQL easier
1657to generate from Perl data structures and, IMO, more intuitive.
1658The underlying idea is for this module to do what you mean, based
1659on the data structures you provide it. The big advantage is that
1660you don't have to modify your code every time your data changes,
1661as this module figures it out.
1662
1663To begin with, an SQL INSERT is as easy as just specifying a hash
1664of C<key=value> pairs:
1665
1666 my %data = (
1667 name => 'Jimbo Bobson',
1668 phone => '123-456-7890',
1669 address => '42 Sister Lane',
1670 city => 'St. Louis',
1671 state => 'Louisiana',
1672 );
1673
1674The SQL can then be generated with this:
1675
1676 my($stmt, @bind) = $sql->insert('people', \%data);
1677
1678Which would give you something like this:
1679
1680 $stmt = "INSERT INTO people
1681 (address, city, name, phone, state)
1682 VALUES (?, ?, ?, ?, ?)";
1683 @bind = ('42 Sister Lane', 'St. Louis', 'Jimbo Bobson',
1684 '123-456-7890', 'Louisiana');
1685
1686These are then used directly in your DBI code:
1687
1688 my $sth = $dbh->prepare($stmt);
1689 $sth->execute(@bind);
1690
96449e8e 1691=head2 Inserting and Updating Arrays
1692
1693If your database has array types (like for example Postgres),
1694activate the special option C<< array_datatypes => 1 >>
9d48860e 1695when creating the C<SQL::Abstract> object.
96449e8e 1696Then you may use an arrayref to insert and update database array types:
1697
1698 my $sql = SQL::Abstract->new(array_datatypes => 1);
1699 my %data = (
1700 planets => [qw/Mercury Venus Earth Mars/]
1701 );
9d48860e 1702
96449e8e 1703 my($stmt, @bind) = $sql->insert('solar_system', \%data);
1704
1705This results in:
1706
1707 $stmt = "INSERT INTO solar_system (planets) VALUES (?)"
1708
1709 @bind = (['Mercury', 'Venus', 'Earth', 'Mars']);
1710
1711
1712=head2 Inserting and Updating SQL
1713
1714In order to apply SQL functions to elements of your C<%data> you may
1715specify a reference to an arrayref for the given hash value. For example,
1716if you need to execute the Oracle C<to_date> function on a value, you can
1717say something like this:
32eab2da 1718
1719 my %data = (
1720 name => 'Bill',
96449e8e 1721 date_entered => \["to_date(?,'MM/DD/YYYY')", "03/02/2003"],
9d48860e 1722 );
32eab2da 1723
1724The first value in the array is the actual SQL. Any other values are
1725optional and would be included in the bind values array. This gives
1726you:
1727
1728 my($stmt, @bind) = $sql->insert('people', \%data);
1729
9d48860e 1730 $stmt = "INSERT INTO people (name, date_entered)
32eab2da 1731 VALUES (?, to_date(?,'MM/DD/YYYY'))";
1732 @bind = ('Bill', '03/02/2003');
1733
1734An UPDATE is just as easy, all you change is the name of the function:
1735
1736 my($stmt, @bind) = $sql->update('people', \%data);
1737
1738Notice that your C<%data> isn't touched; the module will generate
1739the appropriately quirky SQL for you automatically. Usually you'll
1740want to specify a WHERE clause for your UPDATE, though, which is
1741where handling C<%where> hashes comes in handy...
1742
96449e8e 1743=head2 Complex where statements
1744
32eab2da 1745This module can generate pretty complicated WHERE statements
1746easily. For example, simple C<key=value> pairs are taken to mean
1747equality, and if you want to see if a field is within a set
1748of values, you can use an arrayref. Let's say we wanted to
1749SELECT some data based on this criteria:
1750
1751 my %where = (
1752 requestor => 'inna',
1753 worker => ['nwiger', 'rcwe', 'sfz'],
1754 status => { '!=', 'completed' }
1755 );
1756
1757 my($stmt, @bind) = $sql->select('tickets', '*', \%where);
1758
1759The above would give you something like this:
1760
1761 $stmt = "SELECT * FROM tickets WHERE
1762 ( requestor = ? ) AND ( status != ? )
1763 AND ( worker = ? OR worker = ? OR worker = ? )";
1764 @bind = ('inna', 'completed', 'nwiger', 'rcwe', 'sfz');
1765
1766Which you could then use in DBI code like so:
1767
1768 my $sth = $dbh->prepare($stmt);
1769 $sth->execute(@bind);
1770
1771Easy, eh?
1772
0da0fe34 1773=head1 METHODS
32eab2da 1774
0da0fe34 1775The methods are simple. There's one for each major SQL operation,
32eab2da 1776and a constructor you use first. The arguments are specified in a
0da0fe34 1777similar order to each method (table, then fields, then a where
32eab2da 1778clause) to try and simplify things.
1779
32eab2da 1780=head2 new(option => 'value')
1781
1782The C<new()> function takes a list of options and values, and returns
1783a new B<SQL::Abstract> object which can then be used to generate SQL
1784through the methods below. The options accepted are:
1785
1786=over
1787
1788=item case
1789
1790If set to 'lower', then SQL will be generated in all lowercase. By
1791default SQL is generated in "textbook" case meaning something like:
1792
1793 SELECT a_field FROM a_table WHERE some_field LIKE '%someval%'
1794
96449e8e 1795Any setting other than 'lower' is ignored.
1796
32eab2da 1797=item cmp
1798
1799This determines what the default comparison operator is. By default
1800it is C<=>, meaning that a hash like this:
1801
1802 %where = (name => 'nwiger', email => 'nate@wiger.org');
1803
1804Will generate SQL like this:
1805
1806 WHERE name = 'nwiger' AND email = 'nate@wiger.org'
1807
1808However, you may want loose comparisons by default, so if you set
1809C<cmp> to C<like> you would get SQL such as:
1810
1811 WHERE name like 'nwiger' AND email like 'nate@wiger.org'
1812
3af02ccb 1813You can also override the comparison on an individual basis - see
32eab2da 1814the huge section on L</"WHERE CLAUSES"> at the bottom.
1815
96449e8e 1816=item sqltrue, sqlfalse
1817
1818Expressions for inserting boolean values within SQL statements.
6e0c6552 1819By default these are C<1=1> and C<1=0>. They are used
1820by the special operators C<-in> and C<-not_in> for generating
1821correct SQL even when the argument is an empty array (see below).
96449e8e 1822
32eab2da 1823=item logic
1824
1825This determines the default logical operator for multiple WHERE
7cac25e6 1826statements in arrays or hashes. If absent, the default logic is "or"
1827for arrays, and "and" for hashes. This means that a WHERE
32eab2da 1828array of the form:
1829
1830 @where = (
9d48860e 1831 event_date => {'>=', '2/13/99'},
1832 event_date => {'<=', '4/24/03'},
32eab2da 1833 );
1834
7cac25e6 1835will generate SQL like this:
32eab2da 1836
1837 WHERE event_date >= '2/13/99' OR event_date <= '4/24/03'
1838
1839This is probably not what you want given this query, though (look
1840at the dates). To change the "OR" to an "AND", simply specify:
1841
1842 my $sql = SQL::Abstract->new(logic => 'and');
1843
1844Which will change the above C<WHERE> to:
1845
1846 WHERE event_date >= '2/13/99' AND event_date <= '4/24/03'
1847
96449e8e 1848The logic can also be changed locally by inserting
7cac25e6 1849a modifier in front of an arrayref :
96449e8e 1850
9d48860e 1851 @where = (-and => [event_date => {'>=', '2/13/99'},
7cac25e6 1852 event_date => {'<=', '4/24/03'} ]);
96449e8e 1853
1854See the L</"WHERE CLAUSES"> section for explanations.
1855
32eab2da 1856=item convert
1857
1858This will automatically convert comparisons using the specified SQL
1859function for both column and value. This is mostly used with an argument
1860of C<upper> or C<lower>, so that the SQL will have the effect of
1861case-insensitive "searches". For example, this:
1862
1863 $sql = SQL::Abstract->new(convert => 'upper');
1864 %where = (keywords => 'MaKe iT CAse inSeNSItive');
1865
1866Will turn out the following SQL:
1867
1868 WHERE upper(keywords) like upper('MaKe iT CAse inSeNSItive')
1869
1870The conversion can be C<upper()>, C<lower()>, or any other SQL function
1871that can be applied symmetrically to fields (actually B<SQL::Abstract> does
1872not validate this option; it will just pass through what you specify verbatim).
1873
1874=item bindtype
1875
1876This is a kludge because many databases suck. For example, you can't
1877just bind values using DBI's C<execute()> for Oracle C<CLOB> or C<BLOB> fields.
1878Instead, you have to use C<bind_param()>:
1879
1880 $sth->bind_param(1, 'reg data');
1881 $sth->bind_param(2, $lots, {ora_type => ORA_CLOB});
1882
1883The problem is, B<SQL::Abstract> will normally just return a C<@bind> array,
1884which loses track of which field each slot refers to. Fear not.
1885
1886If you specify C<bindtype> in new, you can determine how C<@bind> is returned.
1887Currently, you can specify either C<normal> (default) or C<columns>. If you
1888specify C<columns>, you will get an array that looks like this:
1889
1890 my $sql = SQL::Abstract->new(bindtype => 'columns');
1891 my($stmt, @bind) = $sql->insert(...);
1892
1893 @bind = (
1894 [ 'column1', 'value1' ],
1895 [ 'column2', 'value2' ],
1896 [ 'column3', 'value3' ],
1897 );
1898
1899You can then iterate through this manually, using DBI's C<bind_param()>.
e3f9dff4 1900
32eab2da 1901 $sth->prepare($stmt);
1902 my $i = 1;
1903 for (@bind) {
1904 my($col, $data) = @$_;
1905 if ($col eq 'details' || $col eq 'comments') {
1906 $sth->bind_param($i, $data, {ora_type => ORA_CLOB});
1907 } elsif ($col eq 'image') {
1908 $sth->bind_param($i, $data, {ora_type => ORA_BLOB});
1909 } else {
1910 $sth->bind_param($i, $data);
1911 }
1912 $i++;
1913 }
1914 $sth->execute; # execute without @bind now
1915
1916Now, why would you still use B<SQL::Abstract> if you have to do this crap?
1917Basically, the advantage is still that you don't have to care which fields
1918are or are not included. You could wrap that above C<for> loop in a simple
1919sub called C<bind_fields()> or something and reuse it repeatedly. You still
1920get a layer of abstraction over manual SQL specification.
1921
deb148a2 1922Note that if you set L</bindtype> to C<columns>, the C<\[$sql, @bind]>
1923construct (see L</Literal SQL with placeholders and bind values (subqueries)>)
1924will expect the bind values in this format.
1925
32eab2da 1926=item quote_char
1927
1928This is the character that a table or column name will be quoted
9d48860e 1929with. By default this is an empty string, but you could set it to
32eab2da 1930the character C<`>, to generate SQL like this:
1931
1932 SELECT `a_field` FROM `a_table` WHERE `some_field` LIKE '%someval%'
1933
96449e8e 1934Alternatively, you can supply an array ref of two items, the first being the left
1935hand quote character, and the second the right hand quote character. For
1936example, you could supply C<['[',']']> for SQL Server 2000 compliant quotes
1937that generates SQL like this:
1938
1939 SELECT [a_field] FROM [a_table] WHERE [some_field] LIKE '%someval%'
1940
9d48860e 1941Quoting is useful if you have tables or columns names that are reserved
96449e8e 1942words in your database's SQL dialect.
32eab2da 1943
46be4313 1944=item escape_char
1945
1946This is the character that will be used to escape L</quote_char>s appearing
1947in an identifier before it has been quoted.
1948
1949The paramter default in case of a single L</quote_char> character is the quote
1950character itself.
1951
1952When opening-closing-style quoting is used (L</quote_char> is an arrayref)
1953this parameter defaults to the B<closing (right)> L</quote_char>. Occurences
1954of the B<opening (left)> L</quote_char> within the identifier are currently left
1955untouched. The default for opening-closing-style quotes may change in future
1956versions, thus you are B<strongly encouraged> to specify the escape character
1957explicitly.
1958
32eab2da 1959=item name_sep
1960
1961This is the character that separates a table and column name. It is
1962necessary to specify this when the C<quote_char> option is selected,
1963so that tables and column names can be individually quoted like this:
1964
1965 SELECT `table`.`one_field` FROM `table` WHERE `table`.`other_field` = 1
1966
b6251592 1967=item injection_guard
1968
1969A regular expression C<qr/.../> that is applied to any C<-function> and unquoted
1970column name specified in a query structure. This is a safety mechanism to avoid
1971injection attacks when mishandling user input e.g.:
1972
1973 my %condition_as_column_value_pairs = get_values_from_user();
1974 $sqla->select( ... , \%condition_as_column_value_pairs );
1975
1976If the expression matches an exception is thrown. Note that literal SQL
1977supplied via C<\'...'> or C<\['...']> is B<not> checked in any way.
1978
1979Defaults to checking for C<;> and the C<GO> keyword (TransactSQL)
1980
96449e8e 1981=item array_datatypes
32eab2da 1982
9d48860e 1983When this option is true, arrayrefs in INSERT or UPDATE are
1984interpreted as array datatypes and are passed directly
96449e8e 1985to the DBI layer.
1986When this option is false, arrayrefs are interpreted
1987as literal SQL, just like refs to arrayrefs
1988(but this behavior is for backwards compatibility; when writing
1989new queries, use the "reference to arrayref" syntax
1990for literal SQL).
32eab2da 1991
32eab2da 1992
96449e8e 1993=item special_ops
32eab2da 1994
9d48860e 1995Takes a reference to a list of "special operators"
96449e8e 1996to extend the syntax understood by L<SQL::Abstract>.
1997See section L</"SPECIAL OPERATORS"> for details.
32eab2da 1998
59f23b3d 1999=item unary_ops
2000
9d48860e 2001Takes a reference to a list of "unary operators"
59f23b3d 2002to extend the syntax understood by L<SQL::Abstract>.
2003See section L</"UNARY OPERATORS"> for details.
2004
32eab2da 2005
32eab2da 2006
96449e8e 2007=back
32eab2da 2008
02288357 2009=head2 insert($table, \@values || \%fieldvals, \%options)
32eab2da 2010
2011This is the simplest function. You simply give it a table name
2012and either an arrayref of values or hashref of field/value pairs.
2013It returns an SQL INSERT statement and a list of bind values.
96449e8e 2014See the sections on L</"Inserting and Updating Arrays"> and
2015L</"Inserting and Updating SQL"> for information on how to insert
2016with those data types.
32eab2da 2017
02288357 2018The optional C<\%options> hash reference may contain additional
2019options to generate the insert SQL. Currently supported options
2020are:
2021
2022=over 4
2023
2024=item returning
2025
2026Takes either a scalar of raw SQL fields, or an array reference of
2027field names, and adds on an SQL C<RETURNING> statement at the end.
2028This allows you to return data generated by the insert statement
2029(such as row IDs) without performing another C<SELECT> statement.
2030Note, however, this is not part of the SQL standard and may not
2031be supported by all database engines.
2032
2033=back
2034
32eab2da 2035=head2 update($table, \%fieldvals, \%where)
2036
2037This takes a table, hashref of field/value pairs, and an optional
86298391 2038hashref L<WHERE clause|/WHERE CLAUSES>. It returns an SQL UPDATE function and a list
32eab2da 2039of bind values.
96449e8e 2040See the sections on L</"Inserting and Updating Arrays"> and
2041L</"Inserting and Updating SQL"> for information on how to insert
2042with those data types.
32eab2da 2043
96449e8e 2044=head2 select($source, $fields, $where, $order)
32eab2da 2045
9d48860e 2046This returns a SQL SELECT statement and associated list of bind values, as
96449e8e 2047specified by the arguments :
32eab2da 2048
96449e8e 2049=over
32eab2da 2050
96449e8e 2051=item $source
32eab2da 2052
9d48860e 2053Specification of the 'FROM' part of the statement.
96449e8e 2054The argument can be either a plain scalar (interpreted as a table
2055name, will be quoted), or an arrayref (interpreted as a list
2056of table names, joined by commas, quoted), or a scalarref
2057(literal table name, not quoted), or a ref to an arrayref
2058(list of literal table names, joined by commas, not quoted).
32eab2da 2059
96449e8e 2060=item $fields
32eab2da 2061
9d48860e 2062Specification of the list of fields to retrieve from
96449e8e 2063the source.
2064The argument can be either an arrayref (interpreted as a list
9d48860e 2065of field names, will be joined by commas and quoted), or a
96449e8e 2066plain scalar (literal SQL, not quoted).
521647e7 2067Please observe that this API is not as flexible as that of
2068the first argument C<$source>, for backwards compatibility reasons.
32eab2da 2069
96449e8e 2070=item $where
32eab2da 2071
96449e8e 2072Optional argument to specify the WHERE part of the query.
2073The argument is most often a hashref, but can also be
9d48860e 2074an arrayref or plain scalar --
96449e8e 2075see section L<WHERE clause|/"WHERE CLAUSES"> for details.
32eab2da 2076
96449e8e 2077=item $order
32eab2da 2078
96449e8e 2079Optional argument to specify the ORDER BY part of the query.
9d48860e 2080The argument can be a scalar, a hashref or an arrayref
96449e8e 2081-- see section L<ORDER BY clause|/"ORDER BY CLAUSES">
2082for details.
32eab2da 2083
96449e8e 2084=back
32eab2da 2085
32eab2da 2086
2087=head2 delete($table, \%where)
2088
86298391 2089This takes a table name and optional hashref L<WHERE clause|/WHERE CLAUSES>.
32eab2da 2090It returns an SQL DELETE statement and list of bind values.
2091
32eab2da 2092=head2 where(\%where, \@order)
2093
2094This is used to generate just the WHERE clause. For example,
2095if you have an arbitrary data structure and know what the
2096rest of your SQL is going to look like, but want an easy way
2097to produce a WHERE clause, use this. It returns an SQL WHERE
2098clause and list of bind values.
2099
32eab2da 2100
2101=head2 values(\%data)
2102
2103This just returns the values from the hash C<%data>, in the same
2104order that would be returned from any of the other above queries.
2105Using this allows you to markedly speed up your queries if you
2106are affecting lots of rows. See below under the L</"PERFORMANCE"> section.
2107
32eab2da 2108=head2 generate($any, 'number', $of, \@data, $struct, \%types)
2109
2110Warning: This is an experimental method and subject to change.
2111
2112This returns arbitrarily generated SQL. It's a really basic shortcut.
2113It will return two different things, depending on return context:
2114
2115 my($stmt, @bind) = $sql->generate('create table', \$table, \@fields);
2116 my $stmt_and_val = $sql->generate('create table', \$table, \@fields);
2117
2118These would return the following:
2119
2120 # First calling form
2121 $stmt = "CREATE TABLE test (?, ?)";
2122 @bind = (field1, field2);
2123
2124 # Second calling form
2125 $stmt_and_val = "CREATE TABLE test (field1, field2)";
2126
2127Depending on what you're trying to do, it's up to you to choose the correct
2128format. In this example, the second form is what you would want.
2129
2130By the same token:
2131
2132 $sql->generate('alter session', { nls_date_format => 'MM/YY' });
2133
2134Might give you:
2135
2136 ALTER SESSION SET nls_date_format = 'MM/YY'
2137
2138You get the idea. Strings get their case twiddled, but everything
2139else remains verbatim.
2140
0da0fe34 2141=head1 EXPORTABLE FUNCTIONS
2142
2143=head2 is_plain_value
2144
2145Determines if the supplied argument is a plain value as understood by this
2146module:
2147
2148=over
2149
2150=item * The value is C<undef>
2151
2152=item * The value is a non-reference
2153
2154=item * The value is an object with stringification overloading
2155
2156=item * The value is of the form C<< { -value => $anything } >>
2157
2158=back
2159
966200cc 2160On failure returns C<undef>, on sucess returns a B<scalar> reference
2161to the original supplied argument.
0da0fe34 2162
843a94b5 2163=over
2164
2165=item * Note
2166
2167The stringification overloading detection is rather advanced: it takes
2168into consideration not only the presence of a C<""> overload, but if that
2169fails also checks for enabled
2170L<autogenerated versions of C<"">|overload/Magic Autogeneration>, based
2171on either C<0+> or C<bool>.
2172
2173Unfortunately testing in the field indicates that this
2174detection B<< may tickle a latent bug in perl versions before 5.018 >>,
2175but only when very large numbers of stringifying objects are involved.
2176At the time of writing ( Sep 2014 ) there is no clear explanation of
2177the direct cause, nor is there a manageably small test case that reliably
2178reproduces the problem.
2179
2180If you encounter any of the following exceptions in B<random places within
2181your application stack> - this module may be to blame:
2182
2183 Operation "ne": no method found,
2184 left argument in overloaded package <something>,
2185 right argument in overloaded package <something>
2186
2187or perhaps even
2188
2189 Stub found while resolving method "???" overloading """" in package <something>
2190
2191If you fall victim to the above - please attempt to reduce the problem
2192to something that could be sent to the L<SQL::Abstract developers
2193|DBIx::Class/GETTING_HELP/SUPPORT>
2194(either publicly or privately). As a workaround in the meantime you can
2195set C<$ENV{SQLA_ISVALUE_IGNORE_AUTOGENERATED_STRINGIFICATION}> to a true
2196value, which will most likely eliminate your problem (at the expense of
2197not being able to properly detect exotic forms of stringification).
2198
2199This notice and environment variable will be removed in a future version,
2200as soon as the underlying problem is found and a reliable workaround is
2201devised.
2202
2203=back
2204
0da0fe34 2205=head2 is_literal_value
2206
2207Determines if the supplied argument is a literal value as understood by this
2208module:
2209
2210=over
2211
2212=item * C<\$sql_string>
2213
2214=item * C<\[ $sql_string, @bind_values ]>
2215
2216=item * C<< { -ident => $plain_defined_string } >>
2217
2218=back
2219
966200cc 2220On failure returns C<undef>, on sucess returns an B<array> reference
2221containing the unpacked version of the supplied literal SQL and bind values.
0da0fe34 2222
32eab2da 2223=head1 WHERE CLAUSES
2224
96449e8e 2225=head2 Introduction
2226
32eab2da 2227This module uses a variation on the idea from L<DBIx::Abstract>. It
2228is B<NOT>, repeat I<not> 100% compatible. B<The main logic of this
2229module is that things in arrays are OR'ed, and things in hashes
2230are AND'ed.>
2231
2232The easiest way to explain is to show lots of examples. After
2233each C<%where> hash shown, it is assumed you used:
2234
2235 my($stmt, @bind) = $sql->where(\%where);
2236
2237However, note that the C<%where> hash can be used directly in any
2238of the other functions as well, as described above.
2239
96449e8e 2240=head2 Key-value pairs
2241
32eab2da 2242So, let's get started. To begin, a simple hash:
2243
2244 my %where = (
2245 user => 'nwiger',
2246 status => 'completed'
2247 );
2248
2249Is converted to SQL C<key = val> statements:
2250
2251 $stmt = "WHERE user = ? AND status = ?";
2252 @bind = ('nwiger', 'completed');
2253
2254One common thing I end up doing is having a list of values that
2255a field can be in. To do this, simply specify a list inside of
2256an arrayref:
2257
2258 my %where = (
2259 user => 'nwiger',
2260 status => ['assigned', 'in-progress', 'pending'];
2261 );
2262
2263This simple code will create the following:
9d48860e 2264
32eab2da 2265 $stmt = "WHERE user = ? AND ( status = ? OR status = ? OR status = ? )";
2266 @bind = ('nwiger', 'assigned', 'in-progress', 'pending');
2267
9d48860e 2268A field associated to an empty arrayref will be considered a
7cac25e6 2269logical false and will generate 0=1.
8a68b5be 2270
b864ba9b 2271=head2 Tests for NULL values
2272
2273If the value part is C<undef> then this is converted to SQL <IS NULL>
2274
2275 my %where = (
2276 user => 'nwiger',
2277 status => undef,
2278 );
2279
2280becomes:
2281
2282 $stmt = "WHERE user = ? AND status IS NULL";
2283 @bind = ('nwiger');
2284
e9614080 2285To test if a column IS NOT NULL:
2286
2287 my %where = (
2288 user => 'nwiger',
2289 status => { '!=', undef },
2290 );
cc422895 2291
6e0c6552 2292=head2 Specific comparison operators
96449e8e 2293
32eab2da 2294If you want to specify a different type of operator for your comparison,
2295you can use a hashref for a given column:
2296
2297 my %where = (
2298 user => 'nwiger',
2299 status => { '!=', 'completed' }
2300 );
2301
2302Which would generate:
2303
2304 $stmt = "WHERE user = ? AND status != ?";
2305 @bind = ('nwiger', 'completed');
2306
2307To test against multiple values, just enclose the values in an arrayref:
2308
96449e8e 2309 status => { '=', ['assigned', 'in-progress', 'pending'] };
2310
f2d5020d 2311Which would give you:
96449e8e 2312
2313 "WHERE status = ? OR status = ? OR status = ?"
2314
2315
2316The hashref can also contain multiple pairs, in which case it is expanded
32eab2da 2317into an C<AND> of its elements:
2318
2319 my %where = (
2320 user => 'nwiger',
2321 status => { '!=', 'completed', -not_like => 'pending%' }
2322 );
2323
2324 # Or more dynamically, like from a form
2325 $where{user} = 'nwiger';
2326 $where{status}{'!='} = 'completed';
2327 $where{status}{'-not_like'} = 'pending%';
2328
2329 # Both generate this
2330 $stmt = "WHERE user = ? AND status != ? AND status NOT LIKE ?";
2331 @bind = ('nwiger', 'completed', 'pending%');
2332
96449e8e 2333
32eab2da 2334To get an OR instead, you can combine it with the arrayref idea:
2335
2336 my %where => (
2337 user => 'nwiger',
1a6f2a03 2338 priority => [ { '=', 2 }, { '>', 5 } ]
32eab2da 2339 );
2340
2341Which would generate:
2342
1a6f2a03 2343 $stmt = "WHERE ( priority = ? OR priority > ? ) AND user = ?";
2344 @bind = ('2', '5', 'nwiger');
32eab2da 2345
44b9e502 2346If you want to include literal SQL (with or without bind values), just use a
2347scalar reference or array reference as the value:
2348
2349 my %where = (
2350 date_entered => { '>' => \["to_date(?, 'MM/DD/YYYY')", "11/26/2008"] },
2351 date_expires => { '<' => \"now()" }
2352 );
2353
2354Which would generate:
2355
2356 $stmt = "WHERE date_entered > "to_date(?, 'MM/DD/YYYY') AND date_expires < now()";
2357 @bind = ('11/26/2008');
2358
96449e8e 2359
2360=head2 Logic and nesting operators
2361
2362In the example above,
2363there is a subtle trap if you want to say something like
32eab2da 2364this (notice the C<AND>):
2365
2366 WHERE priority != ? AND priority != ?
2367
2368Because, in Perl you I<can't> do this:
2369
2370 priority => { '!=', 2, '!=', 1 }
2371
2372As the second C<!=> key will obliterate the first. The solution
2373is to use the special C<-modifier> form inside an arrayref:
2374
9d48860e 2375 priority => [ -and => {'!=', 2},
96449e8e 2376 {'!=', 1} ]
2377
32eab2da 2378
2379Normally, these would be joined by C<OR>, but the modifier tells it
2380to use C<AND> instead. (Hint: You can use this in conjunction with the
2381C<logic> option to C<new()> in order to change the way your queries
2382work by default.) B<Important:> Note that the C<-modifier> goes
2383B<INSIDE> the arrayref, as an extra first element. This will
2384B<NOT> do what you think it might:
2385
2386 priority => -and => [{'!=', 2}, {'!=', 1}] # WRONG!
2387
2388Here is a quick list of equivalencies, since there is some overlap:
2389
2390 # Same
2391 status => {'!=', 'completed', 'not like', 'pending%' }
2392 status => [ -and => {'!=', 'completed'}, {'not like', 'pending%'}]
2393
2394 # Same
2395 status => {'=', ['assigned', 'in-progress']}
2396 status => [ -or => {'=', 'assigned'}, {'=', 'in-progress'}]
2397 status => [ {'=', 'assigned'}, {'=', 'in-progress'} ]
2398
e3f9dff4 2399
2400
96449e8e 2401=head2 Special operators : IN, BETWEEN, etc.
2402
32eab2da 2403You can also use the hashref format to compare a list of fields using the
2404C<IN> comparison operator, by specifying the list as an arrayref:
2405
2406 my %where = (
2407 status => 'completed',
2408 reportid => { -in => [567, 2335, 2] }
2409 );
2410
2411Which would generate:
2412
2413 $stmt = "WHERE status = ? AND reportid IN (?,?,?)";
2414 @bind = ('completed', '567', '2335', '2');
2415
9d48860e 2416The reverse operator C<-not_in> generates SQL C<NOT IN> and is used in
96449e8e 2417the same way.
2418
6e0c6552 2419If the argument to C<-in> is an empty array, 'sqlfalse' is generated
2420(by default : C<1=0>). Similarly, C<< -not_in => [] >> generates
2421'sqltrue' (by default : C<1=1>).
2422
e41c3bdd 2423In addition to the array you can supply a chunk of literal sql or
2424literal sql with bind:
6e0c6552 2425
e41c3bdd 2426 my %where = {
2427 customer => { -in => \[
2428 'SELECT cust_id FROM cust WHERE balance > ?',
2429 2000,
2430 ],
2431 status => { -in => \'SELECT status_codes FROM states' },
2432 };
6e0c6552 2433
e41c3bdd 2434would generate:
2435
2436 $stmt = "WHERE (
2437 customer IN ( SELECT cust_id FROM cust WHERE balance > ? )
2438 AND status IN ( SELECT status_codes FROM states )
2439 )";
2440 @bind = ('2000');
2441
0dfd2442 2442Finally, if the argument to C<-in> is not a reference, it will be
2443treated as a single-element array.
e41c3bdd 2444
2445Another pair of operators is C<-between> and C<-not_between>,
96449e8e 2446used with an arrayref of two values:
32eab2da 2447
2448 my %where = (
2449 user => 'nwiger',
2450 completion_date => {
2451 -not_between => ['2002-10-01', '2003-02-06']
2452 }
2453 );
2454
2455Would give you:
2456
2457 WHERE user = ? AND completion_date NOT BETWEEN ( ? AND ? )
2458
e41c3bdd 2459Just like with C<-in> all plausible combinations of literal SQL
2460are possible:
2461
2462 my %where = {
2463 start0 => { -between => [ 1, 2 ] },
2464 start1 => { -between => \["? AND ?", 1, 2] },
2465 start2 => { -between => \"lower(x) AND upper(y)" },
9d48860e 2466 start3 => { -between => [
e41c3bdd 2467 \"lower(x)",
2468 \["upper(?)", 'stuff' ],
2469 ] },
2470 };
2471
2472Would give you:
2473
2474 $stmt = "WHERE (
2475 ( start0 BETWEEN ? AND ? )
2476 AND ( start1 BETWEEN ? AND ? )
2477 AND ( start2 BETWEEN lower(x) AND upper(y) )
2478 AND ( start3 BETWEEN lower(x) AND upper(?) )
2479 )";
2480 @bind = (1, 2, 1, 2, 'stuff');
2481
2482
9d48860e 2483These are the two builtin "special operators"; but the
96449e8e 2484list can be expanded : see section L</"SPECIAL OPERATORS"> below.
2485
59f23b3d 2486=head2 Unary operators: bool
97a920ef 2487
2488If you wish to test against boolean columns or functions within your
2489database you can use the C<-bool> and C<-not_bool> operators. For
2490example to test the column C<is_user> being true and the column
827bb0eb 2491C<is_enabled> being false you would use:-
97a920ef 2492
2493 my %where = (
2494 -bool => 'is_user',
2495 -not_bool => 'is_enabled',
2496 );
2497
2498Would give you:
2499
277b5d3f 2500 WHERE is_user AND NOT is_enabled
97a920ef 2501
0b604e9d 2502If a more complex combination is required, testing more conditions,
2503then you should use the and/or operators:-
2504
2505 my %where = (
2506 -and => [
2507 -bool => 'one',
23401b81 2508 -not_bool => { two=> { -rlike => 'bar' } },
2509 -not_bool => { three => [ { '=', 2 }, { '>', 5 } ] },
0b604e9d 2510 ],
2511 );
2512
2513Would give you:
2514
23401b81 2515 WHERE
2516 one
2517 AND
2518 (NOT two RLIKE ?)
2519 AND
2520 (NOT ( three = ? OR three > ? ))
97a920ef 2521
2522
107b72f1 2523=head2 Nested conditions, -and/-or prefixes
96449e8e 2524
32eab2da 2525So far, we've seen how multiple conditions are joined with a top-level
2526C<AND>. We can change this by putting the different conditions we want in
2527hashes and then putting those hashes in an array. For example:
2528
2529 my @where = (
2530 {
2531 user => 'nwiger',
2532 status => { -like => ['pending%', 'dispatched'] },
2533 },
2534 {
2535 user => 'robot',
2536 status => 'unassigned',
2537 }
2538 );
2539
2540This data structure would create the following:
2541
2542 $stmt = "WHERE ( user = ? AND ( status LIKE ? OR status LIKE ? ) )
2543 OR ( user = ? AND status = ? ) )";
2544 @bind = ('nwiger', 'pending', 'dispatched', 'robot', 'unassigned');
2545
107b72f1 2546
48d9f5f8 2547Clauses in hashrefs or arrayrefs can be prefixed with an C<-and> or C<-or>
2548to change the logic inside :
32eab2da 2549
2550 my @where = (
2551 -and => [
2552 user => 'nwiger',
48d9f5f8 2553 [
2554 -and => [ workhrs => {'>', 20}, geo => 'ASIA' ],
2555 -or => { workhrs => {'<', 50}, geo => 'EURO' },
32eab2da 2556 ],
2557 ],
2558 );
2559
2560That would yield:
2561
48d9f5f8 2562 WHERE ( user = ? AND (
2563 ( workhrs > ? AND geo = ? )
2564 OR ( workhrs < ? OR geo = ? )
2565 ) )
107b72f1 2566
cc422895 2567=head3 Algebraic inconsistency, for historical reasons
107b72f1 2568
7cac25e6 2569C<Important note>: when connecting several conditions, the C<-and->|C<-or>
2570operator goes C<outside> of the nested structure; whereas when connecting
2571several constraints on one column, the C<-and> operator goes
2572C<inside> the arrayref. Here is an example combining both features :
2573
2574 my @where = (
2575 -and => [a => 1, b => 2],
2576 -or => [c => 3, d => 4],
2577 e => [-and => {-like => 'foo%'}, {-like => '%bar'} ]
2578 )
2579
2580yielding
2581
9d48860e 2582 WHERE ( ( ( a = ? AND b = ? )
2583 OR ( c = ? OR d = ? )
7cac25e6 2584 OR ( e LIKE ? AND e LIKE ? ) ) )
2585
107b72f1 2586This difference in syntax is unfortunate but must be preserved for
2587historical reasons. So be careful : the two examples below would
2588seem algebraically equivalent, but they are not
2589
9d48860e 2590 {col => [-and => {-like => 'foo%'}, {-like => '%bar'}]}
107b72f1 2591 # yields : WHERE ( ( col LIKE ? AND col LIKE ? ) )
2592
9d48860e 2593 [-and => {col => {-like => 'foo%'}, {col => {-like => '%bar'}}]]
107b72f1 2594 # yields : WHERE ( ( col LIKE ? OR col LIKE ? ) )
2595
7cac25e6 2596
cc422895 2597=head2 Literal SQL and value type operators
96449e8e 2598
cc422895 2599The basic premise of SQL::Abstract is that in WHERE specifications the "left
2600side" is a column name and the "right side" is a value (normally rendered as
2601a placeholder). This holds true for both hashrefs and arrayref pairs as you
2602see in the L</WHERE CLAUSES> examples above. Sometimes it is necessary to
2603alter this behavior. There are several ways of doing so.
e9614080 2604
cc422895 2605=head3 -ident
2606
2607This is a virtual operator that signals the string to its right side is an
2608identifier (a column name) and not a value. For example to compare two
2609columns you would write:
32eab2da 2610
e9614080 2611 my %where = (
2612 priority => { '<', 2 },
cc422895 2613 requestor => { -ident => 'submitter' },
e9614080 2614 );
2615
2616which creates:
2617
2618 $stmt = "WHERE priority < ? AND requestor = submitter";
2619 @bind = ('2');
2620
cc422895 2621If you are maintaining legacy code you may see a different construct as
2622described in L</Deprecated usage of Literal SQL>, please use C<-ident> in new
2623code.
2624
2625=head3 -value
e9614080 2626
cc422895 2627This is a virtual operator that signals that the construct to its right side
2628is a value to be passed to DBI. This is for example necessary when you want
2629to write a where clause against an array (for RDBMS that support such
2630datatypes). For example:
e9614080 2631
32eab2da 2632 my %where = (
cc422895 2633 array => { -value => [1, 2, 3] }
32eab2da 2634 );
2635
cc422895 2636will result in:
32eab2da 2637
cc422895 2638 $stmt = 'WHERE array = ?';
2639 @bind = ([1, 2, 3]);
32eab2da 2640
cc422895 2641Note that if you were to simply say:
32eab2da 2642
2643 my %where = (
cc422895 2644 array => [1, 2, 3]
32eab2da 2645 );
2646
3af02ccb 2647the result would probably not be what you wanted:
cc422895 2648
2649 $stmt = 'WHERE array = ? OR array = ? OR array = ?';
2650 @bind = (1, 2, 3);
2651
2652=head3 Literal SQL
96449e8e 2653
cc422895 2654Finally, sometimes only literal SQL will do. To include a random snippet
2655of SQL verbatim, you specify it as a scalar reference. Consider this only
2656as a last resort. Usually there is a better way. For example:
96449e8e 2657
2658 my %where = (
cc422895 2659 priority => { '<', 2 },
2660 requestor => { -in => \'(SELECT name FROM hitmen)' },
96449e8e 2661 );
2662
cc422895 2663Would create:
96449e8e 2664
cc422895 2665 $stmt = "WHERE priority < ? AND requestor IN (SELECT name FROM hitmen)"
2666 @bind = (2);
2667
2668Note that in this example, you only get one bind parameter back, since
2669the verbatim SQL is passed as part of the statement.
2670
2671=head4 CAVEAT
2672
2673 Never use untrusted input as a literal SQL argument - this is a massive
2674 security risk (there is no way to check literal snippets for SQL
2675 injections and other nastyness). If you need to deal with untrusted input
2676 use literal SQL with placeholders as described next.
96449e8e 2677
cc422895 2678=head3 Literal SQL with placeholders and bind values (subqueries)
96449e8e 2679
2680If the literal SQL to be inserted has placeholders and bind values,
2681use a reference to an arrayref (yes this is a double reference --
2682not so common, but perfectly legal Perl). For example, to find a date
2683in Postgres you can use something like this:
2684
2685 my %where = (
a3e3e6a1 2686 date_column => \[q/= date '2008-09-30' - ?::integer/, 10]
96449e8e 2687 )
2688
2689This would create:
2690
d2a8fe1a 2691 $stmt = "WHERE ( date_column = date '2008-09-30' - ?::integer )"
96449e8e 2692 @bind = ('10');
2693
deb148a2 2694Note that you must pass the bind values in the same format as they are returned
62552e7d 2695by L</where>. That means that if you set L</bindtype> to C<columns>, you must
26f2dca5 2696provide the bind values in the C<< [ column_meta => value ] >> format, where
2697C<column_meta> is an opaque scalar value; most commonly the column name, but
62552e7d 2698you can use any scalar value (including references and blessed references),
2699L<SQL::Abstract> will simply pass it through intact. So if C<bindtype> is set
2700to C<columns> the above example will look like:
deb148a2 2701
2702 my %where = (
a3e3e6a1 2703 date_column => \[q/= date '2008-09-30' - ?::integer/, [ dummy => 10 ]]
deb148a2 2704 )
96449e8e 2705
2706Literal SQL is especially useful for nesting parenthesized clauses in the
2707main SQL query. Here is a first example :
2708
2709 my ($sub_stmt, @sub_bind) = ("SELECT c1 FROM t1 WHERE c2 < ? AND c3 LIKE ?",
2710 100, "foo%");
2711 my %where = (
2712 foo => 1234,
2713 bar => \["IN ($sub_stmt)" => @sub_bind],
2714 );
2715
2716This yields :
2717
9d48860e 2718 $stmt = "WHERE (foo = ? AND bar IN (SELECT c1 FROM t1
96449e8e 2719 WHERE c2 < ? AND c3 LIKE ?))";
2720 @bind = (1234, 100, "foo%");
2721
9d48860e 2722Other subquery operators, like for example C<"E<gt> ALL"> or C<"NOT IN">,
96449e8e 2723are expressed in the same way. Of course the C<$sub_stmt> and
9d48860e 2724its associated bind values can be generated through a former call
96449e8e 2725to C<select()> :
2726
2727 my ($sub_stmt, @sub_bind)
9d48860e 2728 = $sql->select("t1", "c1", {c2 => {"<" => 100},
96449e8e 2729 c3 => {-like => "foo%"}});
2730 my %where = (
2731 foo => 1234,
2732 bar => \["> ALL ($sub_stmt)" => @sub_bind],
2733 );
2734
2735In the examples above, the subquery was used as an operator on a column;
9d48860e 2736but the same principle also applies for a clause within the main C<%where>
96449e8e 2737hash, like an EXISTS subquery :
2738
9d48860e 2739 my ($sub_stmt, @sub_bind)
96449e8e 2740 = $sql->select("t1", "*", {c1 => 1, c2 => \"> t0.c0"});
48d9f5f8 2741 my %where = ( -and => [
96449e8e 2742 foo => 1234,
48d9f5f8 2743 \["EXISTS ($sub_stmt)" => @sub_bind],
2744 ]);
96449e8e 2745
2746which yields
2747
9d48860e 2748 $stmt = "WHERE (foo = ? AND EXISTS (SELECT * FROM t1
96449e8e 2749 WHERE c1 = ? AND c2 > t0.c0))";
2750 @bind = (1234, 1);
2751
2752
9d48860e 2753Observe that the condition on C<c2> in the subquery refers to
2754column C<t0.c0> of the main query : this is I<not> a bind
2755value, so we have to express it through a scalar ref.
96449e8e 2756Writing C<< c2 => {">" => "t0.c0"} >> would have generated
2757C<< c2 > ? >> with bind value C<"t0.c0"> ... not exactly
2758what we wanted here.
2759
96449e8e 2760Finally, here is an example where a subquery is used
2761for expressing unary negation:
2762
9d48860e 2763 my ($sub_stmt, @sub_bind)
96449e8e 2764 = $sql->where({age => [{"<" => 10}, {">" => 20}]});
2765 $sub_stmt =~ s/^ where //i; # don't want "WHERE" in the subclause
2766 my %where = (
2767 lname => {like => '%son%'},
48d9f5f8 2768 \["NOT ($sub_stmt)" => @sub_bind],
96449e8e 2769 );
2770
2771This yields
2772
2773 $stmt = "lname LIKE ? AND NOT ( age < ? OR age > ? )"
2774 @bind = ('%son%', 10, 20)
2775
cc422895 2776=head3 Deprecated usage of Literal SQL
2777
2778Below are some examples of archaic use of literal SQL. It is shown only as
2779reference for those who deal with legacy code. Each example has a much
2780better, cleaner and safer alternative that users should opt for in new code.
2781
2782=over
2783
2784=item *
2785
2786 my %where = ( requestor => \'IS NOT NULL' )
2787
2788 $stmt = "WHERE requestor IS NOT NULL"
2789
2790This used to be the way of generating NULL comparisons, before the handling
2791of C<undef> got formalized. For new code please use the superior syntax as
2792described in L</Tests for NULL values>.
96449e8e 2793
cc422895 2794=item *
2795
2796 my %where = ( requestor => \'= submitter' )
2797
2798 $stmt = "WHERE requestor = submitter"
2799
2800This used to be the only way to compare columns. Use the superior L</-ident>
2801method for all new code. For example an identifier declared in such a way
2802will be properly quoted if L</quote_char> is properly set, while the legacy
2803form will remain as supplied.
2804
2805=item *
2806
2807 my %where = ( is_ready => \"", completed => { '>', '2012-12-21' } )
2808
2809 $stmt = "WHERE completed > ? AND is_ready"
2810 @bind = ('2012-12-21')
2811
2812Using an empty string literal used to be the only way to express a boolean.
2813For all new code please use the much more readable
2814L<-bool|/Unary operators: bool> operator.
2815
2816=back
96449e8e 2817
2818=head2 Conclusion
2819
32eab2da 2820These pages could go on for a while, since the nesting of the data
2821structures this module can handle are pretty much unlimited (the
2822module implements the C<WHERE> expansion as a recursive function
2823internally). Your best bet is to "play around" with the module a
2824little to see how the data structures behave, and choose the best
2825format for your data based on that.
2826
2827And of course, all the values above will probably be replaced with
2828variables gotten from forms or the command line. After all, if you
2829knew everything ahead of time, you wouldn't have to worry about
2830dynamically-generating SQL and could just hardwire it into your
2831script.
2832
86298391 2833=head1 ORDER BY CLAUSES
2834
9d48860e 2835Some functions take an order by clause. This can either be a scalar (just a
86298391 2836column name,) a hash of C<< { -desc => 'col' } >> or C<< { -asc => 'col' } >>,
1cfa1db3 2837or an array of either of the two previous forms. Examples:
2838
952f9e2d 2839 Given | Will Generate
1cfa1db3 2840 ----------------------------------------------------------
952f9e2d 2841 |
2842 \'colA DESC' | ORDER BY colA DESC
2843 |
2844 'colA' | ORDER BY colA
2845 |
2846 [qw/colA colB/] | ORDER BY colA, colB
2847 |
2848 {-asc => 'colA'} | ORDER BY colA ASC
2849 |
2850 {-desc => 'colB'} | ORDER BY colB DESC
2851 |
2852 ['colA', {-asc => 'colB'}] | ORDER BY colA, colB ASC
2853 |
855e6047 2854 { -asc => [qw/colA colB/] } | ORDER BY colA ASC, colB ASC
952f9e2d 2855 |
2856 [ |
2857 { -asc => 'colA' }, | ORDER BY colA ASC, colB DESC,
2858 { -desc => [qw/colB/], | colC ASC, colD ASC
2859 { -asc => [qw/colC colD/],|
2860 ] |
2861 ===========================================================
86298391 2862
96449e8e 2863
2864
2865=head1 SPECIAL OPERATORS
2866
e3f9dff4 2867 my $sqlmaker = SQL::Abstract->new(special_ops => [
3a2e1a5e 2868 {
2869 regex => qr/.../,
e3f9dff4 2870 handler => sub {
2871 my ($self, $field, $op, $arg) = @_;
2872 ...
3a2e1a5e 2873 },
2874 },
2875 {
2876 regex => qr/.../,
2877 handler => 'method_name',
e3f9dff4 2878 },
2879 ]);
2880
9d48860e 2881A "special operator" is a SQL syntactic clause that can be
e3f9dff4 2882applied to a field, instead of a usual binary operator.
9d48860e 2883For example :
e3f9dff4 2884
2885 WHERE field IN (?, ?, ?)
2886 WHERE field BETWEEN ? AND ?
2887 WHERE MATCH(field) AGAINST (?, ?)
96449e8e 2888
e3f9dff4 2889Special operators IN and BETWEEN are fairly standard and therefore
3a2e1a5e 2890are builtin within C<SQL::Abstract> (as the overridable methods
2891C<_where_field_IN> and C<_where_field_BETWEEN>). For other operators,
2892like the MATCH .. AGAINST example above which is specific to MySQL,
2893you can write your own operator handlers - supply a C<special_ops>
2894argument to the C<new> method. That argument takes an arrayref of
2895operator definitions; each operator definition is a hashref with two
2896entries:
96449e8e 2897
e3f9dff4 2898=over
2899
2900=item regex
2901
2902the regular expression to match the operator
96449e8e 2903
e3f9dff4 2904=item handler
2905
3a2e1a5e 2906Either a coderef or a plain scalar method name. In both cases
2907the expected return is C<< ($sql, @bind) >>.
2908
2909When supplied with a method name, it is simply called on the
2910L<SQL::Abstract/> object as:
2911
2912 $self->$method_name ($field, $op, $arg)
2913
2914 Where:
2915
2916 $op is the part that matched the handler regex
2917 $field is the LHS of the operator
2918 $arg is the RHS
2919
2920When supplied with a coderef, it is called as:
2921
2922 $coderef->($self, $field, $op, $arg)
2923
e3f9dff4 2924
2925=back
2926
9d48860e 2927For example, here is an implementation
e3f9dff4 2928of the MATCH .. AGAINST syntax for MySQL
2929
2930 my $sqlmaker = SQL::Abstract->new(special_ops => [
9d48860e 2931
e3f9dff4 2932 # special op for MySql MATCH (field) AGAINST(word1, word2, ...)
9d48860e 2933 {regex => qr/^match$/i,
e3f9dff4 2934 handler => sub {
2935 my ($self, $field, $op, $arg) = @_;
2936 $arg = [$arg] if not ref $arg;
2937 my $label = $self->_quote($field);
2938 my ($placeholder) = $self->_convert('?');
2939 my $placeholders = join ", ", (($placeholder) x @$arg);
2940 my $sql = $self->_sqlcase('match') . " ($label) "
2941 . $self->_sqlcase('against') . " ($placeholders) ";
2942 my @bind = $self->_bindtype($field, @$arg);
2943 return ($sql, @bind);
2944 }
2945 },
9d48860e 2946
e3f9dff4 2947 ]);
96449e8e 2948
2949
59f23b3d 2950=head1 UNARY OPERATORS
2951
112b5232 2952 my $sqlmaker = SQL::Abstract->new(unary_ops => [
59f23b3d 2953 {
2954 regex => qr/.../,
2955 handler => sub {
2956 my ($self, $op, $arg) = @_;
2957 ...
2958 },
2959 },
2960 {
2961 regex => qr/.../,
2962 handler => 'method_name',
2963 },
2964 ]);
2965
9d48860e 2966A "unary operator" is a SQL syntactic clause that can be
59f23b3d 2967applied to a field - the operator goes before the field
2968
2969You can write your own operator handlers - supply a C<unary_ops>
2970argument to the C<new> method. That argument takes an arrayref of
2971operator definitions; each operator definition is a hashref with two
2972entries:
2973
2974=over
2975
2976=item regex
2977
2978the regular expression to match the operator
2979
2980=item handler
2981
2982Either a coderef or a plain scalar method name. In both cases
2983the expected return is C<< $sql >>.
2984
2985When supplied with a method name, it is simply called on the
2986L<SQL::Abstract/> object as:
2987
2988 $self->$method_name ($op, $arg)
2989
2990 Where:
2991
2992 $op is the part that matched the handler regex
2993 $arg is the RHS or argument of the operator
2994
2995When supplied with a coderef, it is called as:
2996
2997 $coderef->($self, $op, $arg)
2998
2999
3000=back
3001
3002
32eab2da 3003=head1 PERFORMANCE
3004
3005Thanks to some benchmarking by Mark Stosberg, it turns out that
3006this module is many orders of magnitude faster than using C<DBIx::Abstract>.
3007I must admit this wasn't an intentional design issue, but it's a
3008byproduct of the fact that you get to control your C<DBI> handles
3009yourself.
3010
3011To maximize performance, use a code snippet like the following:
3012
3013 # prepare a statement handle using the first row
3014 # and then reuse it for the rest of the rows
3015 my($sth, $stmt);
3016 for my $href (@array_of_hashrefs) {
3017 $stmt ||= $sql->insert('table', $href);
3018 $sth ||= $dbh->prepare($stmt);
3019 $sth->execute($sql->values($href));
3020 }
3021
3022The reason this works is because the keys in your C<$href> are sorted
3023internally by B<SQL::Abstract>. Thus, as long as your data retains
3024the same structure, you only have to generate the SQL the first time
3025around. On subsequent queries, simply use the C<values> function provided
3026by this module to return your values in the correct order.
3027
b864ba9b 3028However this depends on the values having the same type - if, for
3029example, the values of a where clause may either have values
3030(resulting in sql of the form C<column = ?> with a single bind
3031value), or alternatively the values might be C<undef> (resulting in
3032sql of the form C<column IS NULL> with no bind value) then the
3033caching technique suggested will not work.
96449e8e 3034
32eab2da 3035=head1 FORMBUILDER
3036
3037If you use my C<CGI::FormBuilder> module at all, you'll hopefully
3038really like this part (I do, at least). Building up a complex query
3039can be as simple as the following:
3040
3041 #!/usr/bin/perl
3042
46dc2f3e 3043 use warnings;
3044 use strict;
3045
32eab2da 3046 use CGI::FormBuilder;
3047 use SQL::Abstract;
3048
3049 my $form = CGI::FormBuilder->new(...);
3050 my $sql = SQL::Abstract->new;
3051
3052 if ($form->submitted) {
3053 my $field = $form->field;
3054 my $id = delete $field->{id};
3055 my($stmt, @bind) = $sql->update('table', $field, {id => $id});
3056 }
3057
3058Of course, you would still have to connect using C<DBI> to run the
3059query, but the point is that if you make your form look like your
3060table, the actual query script can be extremely simplistic.
3061
3062If you're B<REALLY> lazy (I am), check out C<HTML::QuickTable> for
9d48860e 3063a fast interface to returning and formatting data. I frequently
32eab2da 3064use these three modules together to write complex database query
3065apps in under 50 lines.
3066
d8cc1792 3067=head1 REPO
3068
3069=over
3070
6d19fbf9 3071=item * gitweb: L<http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=dbsrgits/SQL-Abstract.git>
d8cc1792 3072
6d19fbf9 3073=item * git: L<git://git.shadowcat.co.uk/dbsrgits/SQL-Abstract.git>
d8cc1792 3074
3075=back
32eab2da 3076
96449e8e 3077=head1 CHANGES
3078
3079Version 1.50 was a major internal refactoring of C<SQL::Abstract>.
3080Great care has been taken to preserve the I<published> behavior
3081documented in previous versions in the 1.* family; however,
9d48860e 3082some features that were previously undocumented, or behaved
96449e8e 3083differently from the documentation, had to be changed in order
3084to clarify the semantics. Hence, client code that was relying
9d48860e 3085on some dark areas of C<SQL::Abstract> v1.*
96449e8e 3086B<might behave differently> in v1.50.
32eab2da 3087
d2a8fe1a 3088The main changes are :
3089
96449e8e 3090=over
32eab2da 3091
9d48860e 3092=item *
32eab2da 3093
96449e8e 3094support for literal SQL through the C<< \ [$sql, bind] >> syntax.
3095
3096=item *
3097
145fbfc8 3098support for the { operator => \"..." } construct (to embed literal SQL)
3099
3100=item *
3101
9c37b9c0 3102support for the { operator => \["...", @bind] } construct (to embed literal SQL with bind values)
3103
3104=item *
3105
96449e8e 3106optional support for L<array datatypes|/"Inserting and Updating Arrays">
3107
9d48860e 3108=item *
96449e8e 3109
3110defensive programming : check arguments
3111
3112=item *
3113
3114fixed bug with global logic, which was previously implemented
7cac25e6 3115through global variables yielding side-effects. Prior versions would
96449e8e 3116interpret C<< [ {cond1, cond2}, [cond3, cond4] ] >>
3117as C<< "(cond1 AND cond2) OR (cond3 AND cond4)" >>.
3118Now this is interpreted
3119as C<< "(cond1 AND cond2) OR (cond3 OR cond4)" >>.
3120
96449e8e 3121
3122=item *
3123
3124fixed semantics of _bindtype on array args
3125
9d48860e 3126=item *
96449e8e 3127
3128dropped the C<_anoncopy> of the %where tree. No longer necessary,
3129we just avoid shifting arrays within that tree.
3130
3131=item *
3132
3133dropped the C<_modlogic> function
3134
3135=back
32eab2da 3136
32eab2da 3137=head1 ACKNOWLEDGEMENTS
3138
3139There are a number of individuals that have really helped out with
3140this module. Unfortunately, most of them submitted bugs via CPAN
3141so I have no idea who they are! But the people I do know are:
3142
9d48860e 3143 Ash Berlin (order_by hash term support)
b643abe1 3144 Matt Trout (DBIx::Class support)
32eab2da 3145 Mark Stosberg (benchmarking)
3146 Chas Owens (initial "IN" operator support)
3147 Philip Collins (per-field SQL functions)
3148 Eric Kolve (hashref "AND" support)
3149 Mike Fragassi (enhancements to "BETWEEN" and "LIKE")
3150 Dan Kubb (support for "quote_char" and "name_sep")
f5aab26e 3151 Guillermo Roditi (patch to cleanup "IN" and "BETWEEN", fix and tests for _order_by)
48d9f5f8 3152 Laurent Dami (internal refactoring, extensible list of special operators, literal SQL)
dbdf7648 3153 Norbert Buchmuller (support for literal SQL in hashpair, misc. fixes & tests)
e96c510a 3154 Peter Rabbitson (rewrite of SQLA::Test, misc. fixes & tests)
02288357 3155 Oliver Charles (support for "RETURNING" after "INSERT")
32eab2da 3156
3157Thanks!
3158
32eab2da 3159=head1 SEE ALSO
3160
86298391 3161L<DBIx::Class>, L<DBIx::Abstract>, L<CGI::FormBuilder>, L<HTML::QuickTable>.
32eab2da 3162
32eab2da 3163=head1 AUTHOR
3164
b643abe1 3165Copyright (c) 2001-2007 Nathan Wiger <nwiger@cpan.org>. All Rights Reserved.
3166
3167This module is actively maintained by Matt Trout <mst@shadowcatsystems.co.uk>
32eab2da 3168
abe72f94 3169For support, your best bet is to try the C<DBIx::Class> users mailing list.
3170While not an official support venue, C<DBIx::Class> makes heavy use of
3171C<SQL::Abstract>, and as such list members there are very familiar with
3172how to create queries.
3173
0d067ded 3174=head1 LICENSE
3175
d988ab87 3176This module is free software; you may copy this under the same
3177terms as perl itself (either the GNU General Public License or
3178the Artistic License)
32eab2da 3179
3180=cut
3181
Unnamed repository; edit this file 'description' to name the repository.