projects / scpubgit/Q-Branch.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
Make sure is_plain_value returns the actual object pre-stringify
[scpubgit/Q-Branch.git] / lib / SQL / Abstract.pm
CommitLineData
96449e8e 1package SQL::Abstract; # see doc at end of file
2
96449e8e 3use strict;
4use warnings;
9d9d5bd6 5use Carp ();
312d830b 6use List::Util ();
7use Scalar::Util ();
96449e8e 8
0da0fe34 9use Exporter 'import';
10our @EXPORT_OK = qw(is_plain_value is_literal_value);
11
12BEGIN {
13 if ($] < 5.009_005) {
14 require MRO::Compat;
15 }
16 else {
17 require mro;
18 }
19}
20
96449e8e 21#======================================================================
22# GLOBALS
23#======================================================================
24
b54fd911 25our $VERSION = '1.78';
7479e27e 26
22f1a437 27# This would confuse some packagers
c520207b 28$VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
96449e8e 29
30our $AUTOLOAD;
31
32# special operators (-in, -between). May be extended/overridden by user.
33# See section WHERE: BUILTIN SPECIAL OPERATORS below for implementation
34my @BUILTIN_SPECIAL_OPS = (
b8db59b8 35 {regex => qr/^ (?: not \s )? between $/ix, handler => '_where_field_BETWEEN'},
36 {regex => qr/^ (?: not \s )? in $/ix, handler => '_where_field_IN'},
cc422895 37 {regex => qr/^ ident $/ix, handler => '_where_op_IDENT'},
38 {regex => qr/^ value $/ix, handler => '_where_op_VALUE'},
b9b5a0b1 39 {regex => qr/^ is (?: \s+ not )? $/ix, handler => '_where_field_IS'},
96449e8e 40);
41
97a920ef 42# unaryish operators - key maps to handler
59f23b3d 43my @BUILTIN_UNARY_OPS = (
a47b433a 44 # the digits are backcompat stuff
b8db59b8 45 { regex => qr/^ and (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
46 { regex => qr/^ or (?: [_\s]? \d+ )? $/xi, handler => '_where_op_ANDOR' },
47 { regex => qr/^ nest (?: [_\s]? \d+ )? $/xi, handler => '_where_op_NEST' },
48 { regex => qr/^ (?: not \s )? bool $/xi, handler => '_where_op_BOOL' },
cc422895 49 { regex => qr/^ ident $/xi, handler => '_where_op_IDENT' },
b9b5a0b1 50 { regex => qr/^ value $/xi, handler => '_where_op_VALUE' },
59f23b3d 51);
97a920ef 52
96449e8e 53#======================================================================
54# DEBUGGING AND ERROR REPORTING
55#======================================================================
56
57sub _debug {
58 return unless $_[0]->{debug}; shift; # a little faster
59 my $func = (caller(1))[3];
60 warn "[$func] ", @_, "\n";
61}
62
63sub belch (@) {
64 my($func) = (caller(1))[3];
9d9d5bd6 65 Carp::carp "[$func] Warning: ", @_;
96449e8e 66}
67
68sub puke (@) {
69 my($func) = (caller(1))[3];
9d9d5bd6 70 Carp::croak "[$func] Fatal: ", @_;
96449e8e 71}
72
0da0fe34 73sub is_literal_value ($) {
74 ref $_[0] eq 'SCALAR' ? [ ${$_[0]} ]
75 : ( ref $_[0] eq 'REF' and ref ${$_[0]} eq 'ARRAY' ) ? [ @${ $_[0] } ]
76 : (
77 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
78 and
79 defined $_[0]->{-ident} and ! length ref $_[0]->{-ident}
80 ) ? [ $_[0]->{-ident} ]
81 : undef;
82}
83
84# FIXME XSify - this can be done so much more efficiently
85sub is_plain_value ($) {
86 no strict 'refs';
87 ! length ref $_[0] ? [ $_[0] ]
88 : (
89 ref $_[0] eq 'HASH' and keys %{$_[0]} == 1
90 and
91 exists $_[0]->{-value}
92 ) ? [ $_[0]->{-value} ]
93 : (
a1c9e0ff 94 # reuse @_ for even moar speedz
95 defined ( $_[1] = Scalar::Util::blessed $_[0] )
0da0fe34 96 and
97 # deliberately not using Devel::OverloadInfo - the checks we are
98 # intersted in are much more limited than the fullblown thing, and
99 # this is a very hot piece of code
100 (
101 # FIXME - DBI needs fixing to stringify regardless of DBD
102 #
e8d729d4 103 # simply using ->can('(""') can leave behind stub methods that
104 # break actually using the overload later (see L<perldiag/Stub
105 # found while resolving method "%s" overloading "%s" in package
106 # "%s"> and the source of overload::mycan())
44e54b41 107 #
0da0fe34 108 # either has stringification which DBI SHOULD prefer out of the box
a1c9e0ff 109 grep { *{ (qq[${_}::(""]) }{CODE} } @{ $_[2] = mro::get_linear_isa( $_[1] ) }
0da0fe34 110 or
111 # has nummification and fallback is *not* disabled
0da0fe34 112 (
a1c9e0ff 113 grep { *{"${_}::(0+"}{CODE} } @{ mro::get_linear_isa( $_[1] ) }
0da0fe34 114 and
115 (
116 # no fallback specified at all
a1c9e0ff 117 ! ( ($_[3]) = grep { *{"${_}::()"}{CODE} } @{$_[2]} )
0da0fe34 118 or
119 # fallback explicitly undef
a1c9e0ff 120 ! defined ${"$_[3]::()"}
0da0fe34 121 or
122 # explicitly true
a1c9e0ff 123 !! ${"$_[3]::()"}
0da0fe34 124 )
125 )
126 )
d0ecdb28 127 ) ? [ $_[0] ]
0da0fe34 128 : undef;
129}
130
131
96449e8e 132
133#======================================================================
134# NEW
135#======================================================================
136
137sub new {
138 my $self = shift;
139 my $class = ref($self) || $self;
140 my %opt = (ref $_[0] eq 'HASH') ? %{$_[0]} : @_;
141
142 # choose our case by keeping an option around
143 delete $opt{case} if $opt{case} && $opt{case} ne 'lower';
144
145 # default logic for interpreting arrayrefs
ef559da3 146 $opt{logic} = $opt{logic} ? uc $opt{logic} : 'OR';
96449e8e 147
148 # how to return bind vars
96449e8e 149 $opt{bindtype} ||= 'normal';
150
151 # default comparison is "=", but can be overridden
152 $opt{cmp} ||= '=';
153
3af02ccb 154 # try to recognize which are the 'equality' and 'inequality' ops
3cdadcbe 155 # (temporary quickfix (in 2007), should go through a more seasoned API)
156 $opt{equality_op} = qr/^( \Q$opt{cmp}\E | \= )$/ix;
157 $opt{inequality_op} = qr/^( != | <> )$/ix;
158
159 $opt{like_op} = qr/^ (is\s+)? r?like $/xi;
160 $opt{not_like_op} = qr/^ (is\s+)? not \s+ r?like $/xi;
96449e8e 161
162 # SQL booleans
163 $opt{sqltrue} ||= '1=1';
164 $opt{sqlfalse} ||= '0=1';
165
9d48860e 166 # special operators
96449e8e 167 $opt{special_ops} ||= [];
b6251592 168 # regexes are applied in order, thus push after user-defines
96449e8e 169 push @{$opt{special_ops}}, @BUILTIN_SPECIAL_OPS;
170
9d48860e 171 # unary operators
59f23b3d 172 $opt{unary_ops} ||= [];
173 push @{$opt{unary_ops}}, @BUILTIN_UNARY_OPS;
174
3af02ccb 175 # rudimentary sanity-check for user supplied bits treated as functions/operators
b6251592 176 # If a purported function matches this regular expression, an exception is thrown.
177 # Literal SQL is *NOT* subject to this check, only functions (and column names
178 # when quoting is not in effect)
96449e8e 179
b6251592 180 # FIXME
181 # need to guard against ()'s in column names too, but this will break tons of
182 # hacks... ideas anyone?
183 $opt{injection_guard} ||= qr/
184 \;
185 |
186 ^ \s* go \s
187 /xmi;
96449e8e 188
b6251592 189 return bless \%opt, $class;
190}
96449e8e 191
170e6c33 192
193sub _assert_pass_injection_guard {
194 if ($_[1] =~ $_[0]->{injection_guard}) {
195 my $class = ref $_[0];
196 puke "Possible SQL injection attempt '$_[1]'. If this is indeed a part of the "
197 . "desired SQL use literal SQL ( \'...' or \[ '...' ] ) or supply your own "
198 . "{injection_guard} attribute to ${class}->new()"
199 }
200}
201
202
96449e8e 203#======================================================================
204# INSERT methods
205#======================================================================
206
207sub insert {
02288357 208 my $self = shift;
209 my $table = $self->_table(shift);
210 my $data = shift || return;
211 my $options = shift;
96449e8e 212
213 my $method = $self->_METHOD_FOR_refkind("_insert", $data);
02288357 214 my ($sql, @bind) = $self->$method($data);
96449e8e 215 $sql = join " ", $self->_sqlcase('insert into'), $table, $sql;
02288357 216
e82e648a 217 if ($options->{returning}) {
218 my ($s, @b) = $self->_insert_returning ($options);
219 $sql .= $s;
220 push @bind, @b;
02288357 221 }
222
96449e8e 223 return wantarray ? ($sql, @bind) : $sql;
224}
225
6b1fe79d 226sub _insert_returning {
e82e648a 227 my ($self, $options) = @_;
6b1fe79d 228
e82e648a 229 my $f = $options->{returning};
230
231 my $fieldlist = $self->_SWITCH_refkind($f, {
232 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$f;},
233 SCALAR => sub {$self->_quote($f)},
234 SCALARREF => sub {$$f},
6b1fe79d 235 });
e82e648a 236 return $self->_sqlcase(' returning ') . $fieldlist;
6b1fe79d 237}
238
96449e8e 239sub _insert_HASHREF { # explicit list of fields and then values
240 my ($self, $data) = @_;
241
242 my @fields = sort keys %$data;
243
fe3ae272 244 my ($sql, @bind) = $self->_insert_values($data);
96449e8e 245
246 # assemble SQL
247 $_ = $self->_quote($_) foreach @fields;
248 $sql = "( ".join(", ", @fields).") ".$sql;
249
250 return ($sql, @bind);
251}
252
253sub _insert_ARRAYREF { # just generate values(?,?) part (no list of fields)
254 my ($self, $data) = @_;
255
256 # no names (arrayref) so can't generate bindtype
257 $self->{bindtype} ne 'columns'
258 or belch "can't do 'columns' bindtype when called with arrayref";
259
fe3ae272 260 # fold the list of values into a hash of column name - value pairs
261 # (where the column names are artificially generated, and their
262 # lexicographical ordering keep the ordering of the original list)
263 my $i = "a"; # incremented values will be in lexicographical order
264 my $data_in_hash = { map { ($i++ => $_) } @$data };
265
266 return $self->_insert_values($data_in_hash);
267}
268
269sub _insert_ARRAYREFREF { # literal SQL with bind
270 my ($self, $data) = @_;
271
272 my ($sql, @bind) = @${$data};
273 $self->_assert_bindval_matches_bindtype(@bind);
274
275 return ($sql, @bind);
276}
277
278
279sub _insert_SCALARREF { # literal SQL without bind
280 my ($self, $data) = @_;
281
282 return ($$data);
283}
284
285sub _insert_values {
286 my ($self, $data) = @_;
287
96449e8e 288 my (@values, @all_bind);
fe3ae272 289 foreach my $column (sort keys %$data) {
290 my $v = $data->{$column};
96449e8e 291
292 $self->_SWITCH_refkind($v, {
293
9d48860e 294 ARRAYREF => sub {
96449e8e 295 if ($self->{array_datatypes}) { # if array datatype are activated
296 push @values, '?';
fe3ae272 297 push @all_bind, $self->_bindtype($column, $v);
96449e8e 298 }
299 else { # else literal SQL with bind
300 my ($sql, @bind) = @$v;
fe3ae272 301 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 302 push @values, $sql;
303 push @all_bind, @bind;
304 }
305 },
306
307 ARRAYREFREF => sub { # literal SQL with bind
308 my ($sql, @bind) = @${$v};
fe3ae272 309 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 310 push @values, $sql;
311 push @all_bind, @bind;
312 },
313
9d48860e 314 # THINK : anything useful to do with a HASHREF ?
5db47f9f 315 HASHREF => sub { # (nothing, but old SQLA passed it through)
316 #TODO in SQLA >= 2.0 it will die instead
317 belch "HASH ref as bind value in insert is not supported";
318 push @values, '?';
fe3ae272 319 push @all_bind, $self->_bindtype($column, $v);
5db47f9f 320 },
96449e8e 321
322 SCALARREF => sub { # literal SQL without bind
323 push @values, $$v;
324 },
325
326 SCALAR_or_UNDEF => sub {
327 push @values, '?';
fe3ae272 328 push @all_bind, $self->_bindtype($column, $v);
96449e8e 329 },
330
331 });
332
333 }
334
335 my $sql = $self->_sqlcase('values')." ( ".join(", ", @values)." )";
336 return ($sql, @all_bind);
337}
338
339
96449e8e 340
341#======================================================================
342# UPDATE methods
343#======================================================================
344
345
346sub update {
347 my $self = shift;
348 my $table = $self->_table(shift);
349 my $data = shift || return;
350 my $where = shift;
351
352 # first build the 'SET' part of the sql statement
353 my (@set, @all_bind);
354 puke "Unsupported data type specified to \$sql->update"
355 unless ref $data eq 'HASH';
356
357 for my $k (sort keys %$data) {
358 my $v = $data->{$k};
359 my $r = ref $v;
360 my $label = $self->_quote($k);
361
362 $self->_SWITCH_refkind($v, {
9d48860e 363 ARRAYREF => sub {
96449e8e 364 if ($self->{array_datatypes}) { # array datatype
365 push @set, "$label = ?";
366 push @all_bind, $self->_bindtype($k, $v);
367 }
368 else { # literal SQL with bind
369 my ($sql, @bind) = @$v;
fe3ae272 370 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 371 push @set, "$label = $sql";
fe3ae272 372 push @all_bind, @bind;
96449e8e 373 }
374 },
375 ARRAYREFREF => sub { # literal SQL with bind
376 my ($sql, @bind) = @${$v};
fe3ae272 377 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 378 push @set, "$label = $sql";
fe3ae272 379 push @all_bind, @bind;
96449e8e 380 },
381 SCALARREF => sub { # literal SQL without bind
382 push @set, "$label = $$v";
0ec3aec7 383 },
384 HASHREF => sub {
385 my ($op, $arg, @rest) = %$v;
386
387 puke 'Operator calls in update must be in the form { -op => $arg }'
388 if (@rest or not $op =~ /^\-(.+)/);
389
390 local $self->{_nested_func_lhs} = $k;
391 my ($sql, @bind) = $self->_where_unary_op ($1, $arg);
392
393 push @set, "$label = $sql";
394 push @all_bind, @bind;
395 },
96449e8e 396 SCALAR_or_UNDEF => sub {
397 push @set, "$label = ?";
398 push @all_bind, $self->_bindtype($k, $v);
399 },
400 });
401 }
402
403 # generate sql
404 my $sql = $self->_sqlcase('update') . " $table " . $self->_sqlcase('set ')
405 . join ', ', @set;
406
407 if ($where) {
408 my($where_sql, @where_bind) = $self->where($where);
409 $sql .= $where_sql;
410 push @all_bind, @where_bind;
411 }
412
413 return wantarray ? ($sql, @all_bind) : $sql;
414}
415
416
417
418
419#======================================================================
420# SELECT
421#======================================================================
422
423
424sub select {
425 my $self = shift;
426 my $table = $self->_table(shift);
427 my $fields = shift || '*';
428 my $where = shift;
429 my $order = shift;
430
431 my($where_sql, @bind) = $self->where($where, $order);
432
433 my $f = (ref $fields eq 'ARRAY') ? join ', ', map { $self->_quote($_) } @$fields
434 : $fields;
9d48860e 435 my $sql = join(' ', $self->_sqlcase('select'), $f,
96449e8e 436 $self->_sqlcase('from'), $table)
437 . $where_sql;
438
9d48860e 439 return wantarray ? ($sql, @bind) : $sql;
96449e8e 440}
441
442#======================================================================
443# DELETE
444#======================================================================
445
446
447sub delete {
448 my $self = shift;
449 my $table = $self->_table(shift);
450 my $where = shift;
451
452
453 my($where_sql, @bind) = $self->where($where);
454 my $sql = $self->_sqlcase('delete from') . " $table" . $where_sql;
455
9d48860e 456 return wantarray ? ($sql, @bind) : $sql;
96449e8e 457}
458
459
460#======================================================================
461# WHERE: entry point
462#======================================================================
463
464
465
466# Finally, a separate routine just to handle WHERE clauses
467sub where {
468 my ($self, $where, $order) = @_;
469
470 # where ?
471 my ($sql, @bind) = $self->_recurse_where($where);
472 $sql = $sql ? $self->_sqlcase(' where ') . "( $sql )" : '';
473
474 # order by?
475 if ($order) {
476 $sql .= $self->_order_by($order);
477 }
478
9d48860e 479 return wantarray ? ($sql, @bind) : $sql;
96449e8e 480}
481
482
483sub _recurse_where {
484 my ($self, $where, $logic) = @_;
485
486 # dispatch on appropriate method according to refkind of $where
487 my $method = $self->_METHOD_FOR_refkind("_where", $where);
311b2151 488
9d48860e 489 my ($sql, @bind) = $self->$method($where, $logic);
311b2151 490
9d48860e 491 # DBIx::Class directly calls _recurse_where in scalar context, so
311b2151 492 # we must implement it, even if not in the official API
9d48860e 493 return wantarray ? ($sql, @bind) : $sql;
96449e8e 494}
495
496
497
498#======================================================================
499# WHERE: top-level ARRAYREF
500#======================================================================
501
502
503sub _where_ARRAYREF {
5e1d09d5 504 my ($self, $where, $logic) = @_;
96449e8e 505
5e1d09d5 506 $logic = uc($logic || $self->{logic});
96449e8e 507 $logic eq 'AND' or $logic eq 'OR' or puke "unknown logic: $logic";
508
509 my @clauses = @$where;
510
96449e8e 511 my (@sql_clauses, @all_bind);
96449e8e 512 # need to use while() so can shift() for pairs
9d48860e 513 while (my $el = shift @clauses) {
96449e8e 514
515 # switch according to kind of $el and get corresponding ($sql, @bind)
516 my ($sql, @bind) = $self->_SWITCH_refkind($el, {
517
518 # skip empty elements, otherwise get invalid trailing AND stuff
519 ARRAYREF => sub {$self->_recurse_where($el) if @$el},
520
c94a6c93 521 ARRAYREFREF => sub {
522 my ($s, @b) = @$$el;
523 $self->_assert_bindval_matches_bindtype(@b);
524 ($s, @b);
525 },
474e3335 526
96449e8e 527 HASHREF => sub {$self->_recurse_where($el, 'and') if %$el},
96449e8e 528
529 SCALARREF => sub { ($$el); },
530
531 SCALAR => sub {# top-level arrayref with scalars, recurse in pairs
532 $self->_recurse_where({$el => shift(@clauses)})},
533
534 UNDEF => sub {puke "not supported : UNDEF in arrayref" },
535 });
536
4b7b6026 537 if ($sql) {
538 push @sql_clauses, $sql;
539 push @all_bind, @bind;
540 }
96449e8e 541 }
542
543 return $self->_join_sql_clauses($logic, \@sql_clauses, \@all_bind);
544}
545
474e3335 546#======================================================================
547# WHERE: top-level ARRAYREFREF
548#======================================================================
96449e8e 549
474e3335 550sub _where_ARRAYREFREF {
551 my ($self, $where) = @_;
c94a6c93 552 my ($sql, @bind) = @$$where;
553 $self->_assert_bindval_matches_bindtype(@bind);
474e3335 554 return ($sql, @bind);
555}
96449e8e 556
557#======================================================================
558# WHERE: top-level HASHREF
559#======================================================================
560
561sub _where_HASHREF {
562 my ($self, $where) = @_;
563 my (@sql_clauses, @all_bind);
564
2281c758 565 for my $k (sort keys %$where) {
96449e8e 566 my $v = $where->{$k};
567
2281c758 568 # ($k => $v) is either a special unary op or a regular hashpair
569 my ($sql, @bind) = do {
570 if ($k =~ /^-./) {
571 # put the operator in canonical form
572 my $op = $k;
b8db59b8 573 $op = substr $op, 1; # remove initial dash
2281c758 574 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 575 $op =~ s/\s+/ /g; # compress whitespace
576
577 # so that -not_foo works correctly
578 $op =~ s/^not_/NOT /i;
2281c758 579
580 $self->_debug("Unary OP(-$op) within hashref, recursing...");
0ec3aec7 581 my ($s, @b) = $self->_where_unary_op ($op, $v);
582
583 # top level vs nested
584 # we assume that handled unary ops will take care of their ()s
585 $s = "($s)" unless (
586 List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}
587 or
588 defined($self->{_nested_func_lhs}) && ($self->{_nested_func_lhs} eq $k)
589 );
590 ($s, @b);
2281c758 591 }
592 else {
593 my $method = $self->_METHOD_FOR_refkind("_where_hashpair", $v);
594 $self->$method($k, $v);
595 }
596 };
96449e8e 597
598 push @sql_clauses, $sql;
599 push @all_bind, @bind;
600 }
601
602 return $self->_join_sql_clauses('and', \@sql_clauses, \@all_bind);
603}
604
0ec3aec7 605sub _where_unary_op {
2281c758 606 my ($self, $op, $rhs) = @_;
96449e8e 607
0ec3aec7 608 if (my $op_entry = List::Util::first {$op =~ $_->{regex}} @{$self->{unary_ops}}) {
609 my $handler = $op_entry->{handler};
610
611 if (not ref $handler) {
612 if ($op =~ s/ [_\s]? \d+ $//x ) {
613 belch 'Use of [and|or|nest]_N modifiers is deprecated and will be removed in SQLA v2.0. '
614 . "You probably wanted ...-and => [ -$op => COND1, -$op => COND2 ... ]";
615 }
616 return $self->$handler ($op, $rhs);
617 }
618 elsif (ref $handler eq 'CODE') {
619 return $handler->($self, $op, $rhs);
620 }
621 else {
622 puke "Illegal handler for operator $op - expecting a method name or a coderef";
623 }
624 }
625
3d86e3b1 626 $self->_debug("Generic unary OP: $op - recursing as function");
0ec3aec7 627
170e6c33 628 $self->_assert_pass_injection_guard($op);
b6251592 629
2281c758 630 my ($sql, @bind) = $self->_SWITCH_refkind ($rhs, {
631 SCALAR => sub {
a7661cfc 632 puke "Illegal use of top-level '$op'"
633 unless $self->{_nested_func_lhs};
634
635 return (
636 $self->_convert('?'),
637 $self->_bindtype($self->{_nested_func_lhs}, $rhs)
638 );
2281c758 639 },
640 FALLBACK => sub {
641 $self->_recurse_where ($rhs)
642 },
643 });
96449e8e 644
953d164e 645 $sql = sprintf ('%s %s',
2281c758 646 $self->_sqlcase($op),
953d164e 647 $sql,
2281c758 648 );
96449e8e 649
2281c758 650 return ($sql, @bind);
97a920ef 651}
652
653sub _where_op_ANDOR {
2281c758 654 my ($self, $op, $v) = @_;
97a920ef 655
656 $self->_SWITCH_refkind($v, {
657 ARRAYREF => sub {
658 return $self->_where_ARRAYREF($v, $op);
659 },
660
661 HASHREF => sub {
59f23b3d 662 return ( $op =~ /^or/i )
97a920ef 663 ? $self->_where_ARRAYREF( [ map { $_ => $v->{$_} } ( sort keys %$v ) ], $op )
664 : $self->_where_HASHREF($v);
665 },
666
9d48860e 667 SCALARREF => sub {
48d9f5f8 668 puke "-$op => \\\$scalar makes little sense, use " .
a0d6d323 669 ($op =~ /^or/i
48d9f5f8 670 ? '[ \$scalar, \%rest_of_conditions ] instead'
671 : '-and => [ \$scalar, \%rest_of_conditions ] instead'
672 );
97a920ef 673 },
674
675 ARRAYREFREF => sub {
48d9f5f8 676 puke "-$op => \\[...] makes little sense, use " .
a0d6d323 677 ($op =~ /^or/i
48d9f5f8 678 ? '[ \[...], \%rest_of_conditions ] instead'
679 : '-and => [ \[...], \%rest_of_conditions ] instead'
680 );
97a920ef 681 },
682
683 SCALAR => sub { # permissively interpreted as SQL
48d9f5f8 684 puke "-$op => \$value makes little sense, use -bool => \$value instead";
97a920ef 685 },
686
687 UNDEF => sub {
688 puke "-$op => undef not supported";
689 },
690 });
691}
692
693sub _where_op_NEST {
9d48860e 694 my ($self, $op, $v) = @_;
97a920ef 695
96449e8e 696 $self->_SWITCH_refkind($v, {
697
96449e8e 698 SCALAR => sub { # permissively interpreted as SQL
01a01e57 699 belch "literal SQL should be -nest => \\'scalar' "
700 . "instead of -nest => 'scalar' ";
9d48860e 701 return ($v);
96449e8e 702 },
703
704 UNDEF => sub {
705 puke "-$op => undef not supported";
706 },
e9501094 707
708 FALLBACK => sub {
709 $self->_recurse_where ($v);
710 },
711
96449e8e 712 });
713}
714
715
97a920ef 716sub _where_op_BOOL {
9d48860e 717 my ($self, $op, $v) = @_;
97a920ef 718
b8db59b8 719 my ($s, @b) = $self->_SWITCH_refkind($v, {
720 SCALAR => sub { # interpreted as SQL column
721 $self->_convert($self->_quote($v));
722 },
ef03f1bc 723
b8db59b8 724 UNDEF => sub {
725 puke "-$op => undef not supported";
726 },
97a920ef 727
b8db59b8 728 FALLBACK => sub {
729 $self->_recurse_where ($v);
730 },
731 });
ef03f1bc 732
b8db59b8 733 $s = "(NOT $s)" if $op =~ /^not/i;
734 ($s, @b);
97a920ef 735}
736
737
cc422895 738sub _where_op_IDENT {
739 my $self = shift;
740 my ($op, $rhs) = splice @_, -2;
8aa76984 741 if (! defined $rhs or length ref $rhs) {
742 puke "-$op requires a single plain scalar argument (a quotable identifier)";
cc422895 743 }
744
745 # in case we are called as a top level special op (no '=')
746 my $lhs = shift;
747
748 $_ = $self->_convert($self->_quote($_)) for ($lhs, $rhs);
749
750 return $lhs
751 ? "$lhs = $rhs"
752 : $rhs
753 ;
754}
755
756sub _where_op_VALUE {
757 my $self = shift;
758 my ($op, $rhs) = splice @_, -2;
759
760 # in case we are called as a top level special op (no '=')
761 my $lhs = shift;
762
422ed2de 763 # special-case NULL
764 if (! defined $rhs) {
765 return $lhs
766 ? $self->_convert($self->_quote($lhs)) . ' IS NULL'
767 : undef
768 ;
769 }
770
cc422895 771 my @bind =
772 $self->_bindtype (
773 ($lhs || $self->{_nested_func_lhs}),
774 $rhs,
775 )
776 ;
777
778 return $lhs
779 ? (
780 $self->_convert($self->_quote($lhs)) . ' = ' . $self->_convert('?'),
781 @bind
782 )
783 : (
784 $self->_convert('?'),
785 @bind,
786 )
787 ;
788}
789
96449e8e 790sub _where_hashpair_ARRAYREF {
791 my ($self, $k, $v) = @_;
792
793 if( @$v ) {
794 my @v = @$v; # need copy because of shift below
795 $self->_debug("ARRAY($k) means distribute over elements");
796
797 # put apart first element if it is an operator (-and, -or)
e3cecb45 798 my $op = (
799 (defined $v[0] && $v[0] =~ /^ - (?: AND|OR ) $/ix)
800 ? shift @v
801 : ''
04d940de 802 );
96449e8e 803 my @distributed = map { {$k => $_} } @v;
04d940de 804
805 if ($op) {
806 $self->_debug("OP($op) reinjected into the distributed array");
807 unshift @distributed, $op;
808 }
809
f67591bf 810 my $logic = $op ? substr($op, 1) : '';
96449e8e 811
f67591bf 812 return $self->_recurse_where(\@distributed, $logic);
9d48860e 813 }
96449e8e 814 else {
96449e8e 815 $self->_debug("empty ARRAY($k) means 0=1");
816 return ($self->{sqlfalse});
817 }
818}
819
820sub _where_hashpair_HASHREF {
eb49170d 821 my ($self, $k, $v, $logic) = @_;
822 $logic ||= 'and';
96449e8e 823
a7661cfc 824 local $self->{_nested_func_lhs} = $self->{_nested_func_lhs};
a7661cfc 825
eb49170d 826 my ($all_sql, @all_bind);
96449e8e 827
a47b433a 828 for my $orig_op (sort keys %$v) {
829 my $val = $v->{$orig_op};
96449e8e 830
831 # put the operator in canonical form
a47b433a 832 my $op = $orig_op;
b8db59b8 833
834 # FIXME - we need to phase out dash-less ops
835 $op =~ s/^-//; # remove possible initial dash
a47b433a 836 $op =~ s/^\s+|\s+$//g;# remove leading/trailing space
b8db59b8 837 $op =~ s/\s+/ /g; # compress whitespace
838
170e6c33 839 $self->_assert_pass_injection_guard($op);
b6251592 840
b9b5a0b1 841 # fixup is_not
842 $op =~ s/^is_not/IS NOT/i;
843
b8db59b8 844 # so that -not_foo works correctly
845 $op =~ s/^not_/NOT /i;
96449e8e 846
422ed2de 847 # another retarded special case: foo => { $op => { -value => undef } }
848 if (ref $val eq 'HASH' and keys %$val == 1 and exists $val->{-value} and ! defined $val->{-value} ) {
849 $val = undef;
850 }
851
96449e8e 852 my ($sql, @bind);
853
2281c758 854 # CASE: col-value logic modifiers
855 if ( $orig_op =~ /^ \- (and|or) $/xi ) {
856 ($sql, @bind) = $self->_where_hashpair_HASHREF($k, $val, $1);
857 }
96449e8e 858 # CASE: special operators like -in or -between
312d830b 859 elsif ( my $special_op = List::Util::first {$op =~ $_->{regex}} @{$self->{special_ops}} ) {
3a2e1a5e 860 my $handler = $special_op->{handler};
861 if (! $handler) {
a47b433a 862 puke "No handler supplied for special operator $orig_op";
3a2e1a5e 863 }
864 elsif (not ref $handler) {
865 ($sql, @bind) = $self->$handler ($k, $op, $val);
866 }
867 elsif (ref $handler eq 'CODE') {
868 ($sql, @bind) = $handler->($self, $k, $op, $val);
869 }
870 else {
a47b433a 871 puke "Illegal handler for special operator $orig_op - expecting a method name or a coderef";
3a2e1a5e 872 }
96449e8e 873 }
96449e8e 874 else {
cf838930 875 $self->_SWITCH_refkind($val, {
876
877 ARRAYREF => sub { # CASE: col => {op => \@vals}
878 ($sql, @bind) = $self->_where_field_op_ARRAYREF($k, $op, $val);
879 },
880
fe3ae272 881 ARRAYREFREF => sub { # CASE: col => {op => \[$sql, @bind]} (literal SQL with bind)
b3be7bd0 882 my ($sub_sql, @sub_bind) = @$$val;
fe3ae272 883 $self->_assert_bindval_matches_bindtype(@sub_bind);
b3be7bd0 884 $sql = join ' ', $self->_convert($self->_quote($k)),
885 $self->_sqlcase($op),
886 $sub_sql;
fe3ae272 887 @bind = @sub_bind;
b3be7bd0 888 },
889
cf838930 890 UNDEF => sub { # CASE: col => {op => undef} : sql "IS (NOT)? NULL"
3cdadcbe 891 my $is =
40f2f231 892 $op =~ /^not$/i ? 'is not' # legacy
893 : $op =~ $self->{equality_op} ? 'is'
3cdadcbe 894 : $op =~ $self->{like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is'
895 : $op =~ $self->{inequality_op} ? 'is not'
896 : $op =~ $self->{not_like_op} ? belch("Supplying an undefined argument to '@{[ uc $op]}' is deprecated") && 'is not'
897 : puke "unexpected operator '$orig_op' with undef operand";
898
cf838930 899 $sql = $self->_quote($k) . $self->_sqlcase(" $is null");
900 },
a47b433a 901
2281c758 902 FALLBACK => sub { # CASE: col => {op/func => $stuff}
07936978 903
953d164e 904 # retain for proper column type bind
905 $self->{_nested_func_lhs} ||= $k;
07936978 906
0ec3aec7 907 ($sql, @bind) = $self->_where_unary_op ($op, $val);
953d164e 908
909 $sql = join (' ',
910 $self->_convert($self->_quote($k)),
911 $self->{_nested_func_lhs} eq $k ? $sql : "($sql)", # top level vs nested
912 );
cf838930 913 },
914 });
96449e8e 915 }
916
eb49170d 917 ($all_sql) = (defined $all_sql and $all_sql) ? $self->_join_sql_clauses($logic, [$all_sql, $sql], []) : $sql;
96449e8e 918 push @all_bind, @bind;
919 }
eb49170d 920 return ($all_sql, @all_bind);
96449e8e 921}
922
b9b5a0b1 923sub _where_field_IS {
924 my ($self, $k, $op, $v) = @_;
925
926 my ($s) = $self->_SWITCH_refkind($v, {
927 UNDEF => sub {
928 join ' ',
929 $self->_convert($self->_quote($k)),
930 map { $self->_sqlcase($_)} ($op, 'null')
931 },
932 FALLBACK => sub {
933 puke "$op can only take undef as argument";
934 },
935 });
96449e8e 936
b9b5a0b1 937 $s;
938}
96449e8e 939
940sub _where_field_op_ARRAYREF {
941 my ($self, $k, $op, $vals) = @_;
942
ce261791 943 my @vals = @$vals; #always work on a copy
944
945 if(@vals) {
bd6a65ca 946 $self->_debug(sprintf '%s means multiple elements: [ %s ]',
947 $vals,
948 join (', ', map { defined $_ ? "'$_'" : 'NULL' } @vals ),
949 );
96449e8e 950
4030915f 951 # see if the first element is an -and/-or op
952 my $logic;
bd6a65ca 953 if (defined $vals[0] && $vals[0] =~ /^ - ( AND|OR ) $/ix) {
4030915f 954 $logic = uc $1;
ce261791 955 shift @vals;
4030915f 956 }
957
3cdadcbe 958 # a long standing API wart - an attempt to change this behavior during
959 # the 1.50 series failed *spectacularly*. Warn instead and leave the
960 # behavior as is
961 if (
962 @vals > 1
963 and
964 (!$logic or $logic eq 'OR')
965 and
966 ( $op =~ $self->{inequality_op} or $op =~ $self->{not_like_op} )
967 ) {
968 my $o = uc($op);
969 belch "A multi-element arrayref as an argument to the inequality op '$o' "
970 . 'is technically equivalent to an always-true 1=1 (you probably wanted '
971 . "to say ...{ \$inequality_op => [ -and => \@values ] }... instead)"
972 ;
973 }
974
ce261791 975 # distribute $op over each remaining member of @vals, append logic if exists
976 return $self->_recurse_where([map { {$k => {$op, $_}} } @vals], $logic);
4030915f 977
9d48860e 978 }
96449e8e 979 else {
9d48860e 980 # try to DWIM on equality operators
3cdadcbe 981 return
982 $op =~ $self->{equality_op} ? $self->{sqlfalse}
983 : $op =~ $self->{like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqlfalse}
984 : $op =~ $self->{inequality_op} ? $self->{sqltrue}
985 : $op =~ $self->{not_like_op} ? belch("Supplying an empty arrayref to '@{[ uc $op]}' is deprecated") && $self->{sqltrue}
986 : puke "operator '$op' applied on an empty array (field '$k')";
96449e8e 987 }
988}
989
990
991sub _where_hashpair_SCALARREF {
992 my ($self, $k, $v) = @_;
993 $self->_debug("SCALAR($k) means literal SQL: $$v");
994 my $sql = $self->_quote($k) . " " . $$v;
995 return ($sql);
996}
997
fe3ae272 998# literal SQL with bind
96449e8e 999sub _where_hashpair_ARRAYREFREF {
1000 my ($self, $k, $v) = @_;
1001 $self->_debug("REF($k) means literal SQL: @${$v}");
c94a6c93 1002 my ($sql, @bind) = @$$v;
fe3ae272 1003 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1004 $sql = $self->_quote($k) . " " . $sql;
96449e8e 1005 return ($sql, @bind );
1006}
1007
fe3ae272 1008# literal SQL without bind
96449e8e 1009sub _where_hashpair_SCALAR {
1010 my ($self, $k, $v) = @_;
1011 $self->_debug("NOREF($k) means simple key=val: $k $self->{cmp} $v");
9d48860e 1012 my $sql = join ' ', $self->_convert($self->_quote($k)),
1013 $self->_sqlcase($self->{cmp}),
96449e8e 1014 $self->_convert('?');
1015 my @bind = $self->_bindtype($k, $v);
1016 return ( $sql, @bind);
1017}
1018
1019
1020sub _where_hashpair_UNDEF {
1021 my ($self, $k, $v) = @_;
1022 $self->_debug("UNDEF($k) means IS NULL");
1023 my $sql = $self->_quote($k) . $self->_sqlcase(' is null');
1024 return ($sql);
1025}
1026
1027#======================================================================
1028# WHERE: TOP-LEVEL OTHERS (SCALARREF, SCALAR, UNDEF)
1029#======================================================================
1030
1031
1032sub _where_SCALARREF {
1033 my ($self, $where) = @_;
1034
1035 # literal sql
1036 $self->_debug("SCALAR(*top) means literal SQL: $$where");
1037 return ($$where);
1038}
1039
1040
1041sub _where_SCALAR {
1042 my ($self, $where) = @_;
1043
1044 # literal sql
1045 $self->_debug("NOREF(*top) means literal SQL: $where");
1046 return ($where);
1047}
1048
1049
1050sub _where_UNDEF {
1051 my ($self) = @_;
1052 return ();
1053}
1054
1055
1056#======================================================================
1057# WHERE: BUILTIN SPECIAL OPERATORS (-in, -between)
1058#======================================================================
1059
1060
1061sub _where_field_BETWEEN {
1062 my ($self, $k, $op, $vals) = @_;
1063
4d8b3dc4 1064 my ($label, $and, $placeholder);
cf02fc47 1065 $label = $self->_convert($self->_quote($k));
1066 $and = ' ' . $self->_sqlcase('and') . ' ';
1067 $placeholder = $self->_convert('?');
96449e8e 1068 $op = $self->_sqlcase($op);
1069
7f54040f 1070 my $invalid_args = "Operator '$op' requires either an arrayref with two defined values or expressions, or a single literal scalarref/arrayref-ref";
1071
4d8b3dc4 1072 my ($clause, @bind) = $self->_SWITCH_refkind($vals, {
1073 ARRAYREFREF => sub {
c94a6c93 1074 my ($s, @b) = @$$vals;
1075 $self->_assert_bindval_matches_bindtype(@b);
1076 ($s, @b);
4d8b3dc4 1077 },
1078 SCALARREF => sub {
1079 return $$vals;
1080 },
1081 ARRAYREF => sub {
7f54040f 1082 puke $invalid_args if @$vals != 2;
4d8b3dc4 1083
1084 my (@all_sql, @all_bind);
1085 foreach my $val (@$vals) {
1086 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1087 SCALAR => sub {
5e5cbf51 1088 return ($placeholder, $self->_bindtype($k, $val) );
4d8b3dc4 1089 },
1090 SCALARREF => sub {
0336eddb 1091 return $$val;
4d8b3dc4 1092 },
1093 ARRAYREFREF => sub {
1094 my ($sql, @bind) = @$$val;
c94a6c93 1095 $self->_assert_bindval_matches_bindtype(@bind);
0336eddb 1096 return ($sql, @bind);
4d8b3dc4 1097 },
0336eddb 1098 HASHREF => sub {
1099 my ($func, $arg, @rest) = %$val;
1100 puke ("Only simple { -func => arg } functions accepted as sub-arguments to BETWEEN")
1101 if (@rest or $func !~ /^ \- (.+)/x);
1102 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1103 $self->_where_unary_op ($1 => $arg);
7f54040f 1104 },
1105 FALLBACK => sub {
1106 puke $invalid_args,
1107 },
4d8b3dc4 1108 });
1109 push @all_sql, $sql;
1110 push @all_bind, @bind;
1111 }
1112
1113 return (
1114 (join $and, @all_sql),
5e5cbf51 1115 @all_bind
4d8b3dc4 1116 );
1117 },
1118 FALLBACK => sub {
7f54040f 1119 puke $invalid_args,
4d8b3dc4 1120 },
1121 });
cf02fc47 1122
cf02fc47 1123 my $sql = "( $label $op $clause )";
96449e8e 1124 return ($sql, @bind)
1125}
1126
1127
1128sub _where_field_IN {
1129 my ($self, $k, $op, $vals) = @_;
1130
1131 # backwards compatibility : if scalar, force into an arrayref
1132 $vals = [$vals] if defined $vals && ! ref $vals;
1133
96449e8e 1134 my ($label) = $self->_convert($self->_quote($k));
1135 my ($placeholder) = $self->_convert('?');
96449e8e 1136 $op = $self->_sqlcase($op);
1137
8a0d798a 1138 my ($sql, @bind) = $self->_SWITCH_refkind($vals, {
1139 ARRAYREF => sub { # list of choices
1140 if (@$vals) { # nonempty list
0336eddb 1141 my (@all_sql, @all_bind);
1142
1143 for my $val (@$vals) {
1144 my ($sql, @bind) = $self->_SWITCH_refkind($val, {
1145 SCALAR => sub {
1146 return ($placeholder, $val);
1147 },
1148 SCALARREF => sub {
1149 return $$val;
1150 },
1151 ARRAYREFREF => sub {
1152 my ($sql, @bind) = @$$val;
1153 $self->_assert_bindval_matches_bindtype(@bind);
1154 return ($sql, @bind);
1155 },
1156 HASHREF => sub {
1157 my ($func, $arg, @rest) = %$val;
1158 puke ("Only simple { -func => arg } functions accepted as sub-arguments to IN")
1159 if (@rest or $func !~ /^ \- (.+)/x);
1160 local $self->{_nested_func_lhs} = $k;
0ec3aec7 1161 $self->_where_unary_op ($1 => $arg);
279eb282 1162 },
1163 UNDEF => sub {
032dfe20 1164 puke(
1165 'SQL::Abstract before v1.75 used to generate incorrect SQL when the '
1166 . "-$op operator was given an undef-containing list: !!!AUDIT YOUR CODE "
1167 . 'AND DATA!!! (the upcoming Data::Query-based version of SQL::Abstract '
1168 . 'will emit the logically correct SQL instead of raising this exception)'
1169 );
279eb282 1170 },
0336eddb 1171 });
1172 push @all_sql, $sql;
1173 push @all_bind, @bind;
1174 }
96449e8e 1175
88a89939 1176 return (
1177 sprintf ('%s %s ( %s )',
1178 $label,
1179 $op,
1180 join (', ', @all_sql)
1181 ),
1182 $self->_bindtype($k, @all_bind),
0336eddb 1183 );
8a0d798a 1184 }
1185 else { # empty list : some databases won't understand "IN ()", so DWIM
1186 my $sql = ($op =~ /\bnot\b/i) ? $self->{sqltrue} : $self->{sqlfalse};
1187 return ($sql);
1188 }
1189 },
1190
4a1f01a3 1191 SCALARREF => sub { # literal SQL
1192 my $sql = $self->_open_outer_paren ($$vals);
1193 return ("$label $op ( $sql )");
1194 },
8a0d798a 1195 ARRAYREFREF => sub { # literal SQL with bind
1196 my ($sql, @bind) = @$$vals;
fe3ae272 1197 $self->_assert_bindval_matches_bindtype(@bind);
4a1f01a3 1198 $sql = $self->_open_outer_paren ($sql);
8a0d798a 1199 return ("$label $op ( $sql )", @bind);
1200 },
1201
ff8ca6b4 1202 UNDEF => sub {
1203 puke "Argument passed to the '$op' operator can not be undefined";
1204 },
1205
8a0d798a 1206 FALLBACK => sub {
ff8ca6b4 1207 puke "special op $op requires an arrayref (or scalarref/arrayref-ref)";
8a0d798a 1208 },
1209 });
1210
1211 return ($sql, @bind);
96449e8e 1212}
1213
4a1f01a3 1214# Some databases (SQLite) treat col IN (1, 2) different from
1215# col IN ( (1, 2) ). Use this to strip all outer parens while
1216# adding them back in the corresponding method
1217sub _open_outer_paren {
1218 my ($self, $sql) = @_;
171a709f 1219 $sql = $1 while $sql =~ /^ \s* \( (.*) \) \s* $/xs;
4a1f01a3 1220 return $sql;
1221}
1222
96449e8e 1223
96449e8e 1224#======================================================================
1225# ORDER BY
1226#======================================================================
1227
1228sub _order_by {
1229 my ($self, $arg) = @_;
1230
f267b646 1231 my (@sql, @bind);
1232 for my $c ($self->_order_by_chunks ($arg) ) {
1233 $self->_SWITCH_refkind ($c, {
1234 SCALAR => sub { push @sql, $c },
1235 ARRAYREF => sub { push @sql, shift @$c; push @bind, @$c },
1236 });
1237 }
1238
1239 my $sql = @sql
1240 ? sprintf ('%s %s',
1241 $self->_sqlcase(' order by'),
1242 join (', ', @sql)
1243 )
1244 : ''
1245 ;
1246
1247 return wantarray ? ($sql, @bind) : $sql;
1248}
1249
1250sub _order_by_chunks {
1251 my ($self, $arg) = @_;
1252
1253 return $self->_SWITCH_refkind($arg, {
96449e8e 1254
1255 ARRAYREF => sub {
f267b646 1256 map { $self->_order_by_chunks ($_ ) } @$arg;
96449e8e 1257 },
1258
c94a6c93 1259 ARRAYREFREF => sub {
1260 my ($s, @b) = @$$arg;
1261 $self->_assert_bindval_matches_bindtype(@b);
1262 [ $s, @b ];
1263 },
f267b646 1264
96449e8e 1265 SCALAR => sub {$self->_quote($arg)},
f267b646 1266
1267 UNDEF => sub {return () },
1268
96449e8e 1269 SCALARREF => sub {$$arg}, # literal SQL, no quoting
96449e8e 1270
f267b646 1271 HASHREF => sub {
5e436130 1272 # get first pair in hash
1273 my ($key, $val, @rest) = %$arg;
1274
1275 return () unless $key;
1276
1277 if ( @rest or not $key =~ /^-(desc|asc)/i ) {
1278 puke "hash passed to _order_by must have exactly one key (-desc or -asc)";
f267b646 1279 }
5e436130 1280
1281 my $direction = $1;
96449e8e 1282
e9bd3547 1283 my @ret;
f267b646 1284 for my $c ($self->_order_by_chunks ($val)) {
e9bd3547 1285 my ($sql, @bind);
96449e8e 1286
f267b646 1287 $self->_SWITCH_refkind ($c, {
1288 SCALAR => sub {
e9bd3547 1289 $sql = $c;
f267b646 1290 },
1291 ARRAYREF => sub {
e9bd3547 1292 ($sql, @bind) = @$c;
f267b646 1293 },
1294 });
96449e8e 1295
5e436130 1296 $sql = $sql . ' ' . $self->_sqlcase($direction);
96449e8e 1297
e9bd3547 1298 push @ret, [ $sql, @bind];
1299 }
96449e8e 1300
e9bd3547 1301 return @ret;
f267b646 1302 },
1303 });
96449e8e 1304}
1305
1306
96449e8e 1307#======================================================================
1308# DATASOURCE (FOR NOW, JUST PLAIN TABLE OR LIST OF TABLES)
1309#======================================================================
1310
1311sub _table {
1312 my $self = shift;
1313 my $from = shift;
1314 $self->_SWITCH_refkind($from, {
1315 ARRAYREF => sub {join ', ', map { $self->_quote($_) } @$from;},
1316 SCALAR => sub {$self->_quote($from)},
1317 SCALARREF => sub {$$from},
96449e8e 1318 });
1319}
1320
1321
1322#======================================================================
1323# UTILITY FUNCTIONS
1324#======================================================================
1325
955e77ca 1326# highly optimized, as it's called way too often
96449e8e 1327sub _quote {
955e77ca 1328 # my ($self, $label) = @_;
96449e8e 1329
955e77ca 1330 return '' unless defined $_[1];
955e77ca 1331 return ${$_[1]} if ref($_[1]) eq 'SCALAR';
96449e8e 1332
b6251592 1333 unless ($_[0]->{quote_char}) {
170e6c33 1334 $_[0]->_assert_pass_injection_guard($_[1]);
b6251592 1335 return $_[1];
1336 }
96449e8e 1337
07d7c35c 1338 my $qref = ref $_[0]->{quote_char};
955e77ca 1339 my ($l, $r);
07d7c35c 1340 if (!$qref) {
1341 ($l, $r) = ( $_[0]->{quote_char}, $_[0]->{quote_char} );
955e77ca 1342 }
07d7c35c 1343 elsif ($qref eq 'ARRAY') {
1344 ($l, $r) = @{$_[0]->{quote_char}};
955e77ca 1345 }
1346 else {
1347 puke "Unsupported quote_char format: $_[0]->{quote_char}";
1348 }
46be4313 1349 my $esc = $_[0]->{escape_char} || $r;
96449e8e 1350
07d7c35c 1351 # parts containing * are naturally unquoted
1352 return join( $_[0]->{name_sep}||'', map
46be4313 1353 { $_ eq '*' ? $_ : do { (my $n = $_) =~ s/(\Q$esc\E|\Q$r\E)/$esc$1/g; $l . $n . $r } }
955e77ca 1354 ( $_[0]->{name_sep} ? split (/\Q$_[0]->{name_sep}\E/, $_[1] ) : $_[1] )
1355 );
96449e8e 1356}
1357
1358
1359# Conversion, if applicable
1360sub _convert ($) {
07d7c35c 1361 #my ($self, $arg) = @_;
07d7c35c 1362 if ($_[0]->{convert}) {
1363 return $_[0]->_sqlcase($_[0]->{convert}) .'(' . $_[1] . ')';
96449e8e 1364 }
07d7c35c 1365 return $_[1];
96449e8e 1366}
1367
1368# And bindtype
1369sub _bindtype (@) {
07d7c35c 1370 #my ($self, $col, @vals) = @_;
07d7c35c 1371 # called often - tighten code
1372 return $_[0]->{bindtype} eq 'columns'
1373 ? map {[$_[1], $_]} @_[2 .. $#_]
1374 : @_[2 .. $#_]
1375 ;
96449e8e 1376}
1377
fe3ae272 1378# Dies if any element of @bind is not in [colname => value] format
1379# if bindtype is 'columns'.
1380sub _assert_bindval_matches_bindtype {
c94a6c93 1381# my ($self, @bind) = @_;
1382 my $self = shift;
fe3ae272 1383 if ($self->{bindtype} eq 'columns') {
c94a6c93 1384 for (@_) {
1385 if (!defined $_ || ref($_) ne 'ARRAY' || @$_ != 2) {
3a06278c 1386 puke "bindtype 'columns' selected, you need to pass: [column_name => bind_value]"
fe3ae272 1387 }
1388 }
1389 }
1390}
1391
96449e8e 1392sub _join_sql_clauses {
1393 my ($self, $logic, $clauses_aref, $bind_aref) = @_;
1394
1395 if (@$clauses_aref > 1) {
1396 my $join = " " . $self->_sqlcase($logic) . " ";
1397 my $sql = '( ' . join($join, @$clauses_aref) . ' )';
1398 return ($sql, @$bind_aref);
1399 }
1400 elsif (@$clauses_aref) {
1401 return ($clauses_aref->[0], @$bind_aref); # no parentheses
1402 }
1403 else {
1404 return (); # if no SQL, ignore @$bind_aref
1405 }
1406}
1407
1408
1409# Fix SQL case, if so requested
1410sub _sqlcase {
96449e8e 1411 # LDNOTE: if $self->{case} is true, then it contains 'lower', so we
1412 # don't touch the argument ... crooked logic, but let's not change it!
07d7c35c 1413 return $_[0]->{case} ? $_[1] : uc($_[1]);
96449e8e 1414}
1415
1416
1417#======================================================================
1418# DISPATCHING FROM REFKIND
1419#======================================================================
1420
1421sub _refkind {
1422 my ($self, $data) = @_;
96449e8e 1423
955e77ca 1424 return 'UNDEF' unless defined $data;
1425
1426 # blessed objects are treated like scalars
1427 my $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1428
1429 return 'SCALAR' unless $ref;
1430
1431 my $n_steps = 1;
1432 while ($ref eq 'REF') {
96449e8e 1433 $data = $$data;
955e77ca 1434 $ref = (Scalar::Util::blessed $data) ? '' : ref $data;
1435 $n_steps++ if $ref;
96449e8e 1436 }
1437
848556bc 1438 return ($ref||'SCALAR') . ('REF' x $n_steps);
96449e8e 1439}
1440
1441sub _try_refkind {
1442 my ($self, $data) = @_;
1443 my @try = ($self->_refkind($data));
1444 push @try, 'SCALAR_or_UNDEF' if $try[0] eq 'SCALAR' || $try[0] eq 'UNDEF';
1445 push @try, 'FALLBACK';
955e77ca 1446 return \@try;
96449e8e 1447}
1448
1449sub _METHOD_FOR_refkind {
1450 my ($self, $meth_prefix, $data) = @_;
f39eaa60 1451
1452 my $method;
955e77ca 1453 for (@{$self->_try_refkind($data)}) {
f39eaa60 1454 $method = $self->can($meth_prefix."_".$_)
1455 and last;
1456 }
1457
1458 return $method || puke "cannot dispatch on '$meth_prefix' for ".$self->_refkind($data);
96449e8e 1459}
1460
1461
1462sub _SWITCH_refkind {
1463 my ($self, $data, $dispatch_table) = @_;
1464
f39eaa60 1465 my $coderef;
955e77ca 1466 for (@{$self->_try_refkind($data)}) {
f39eaa60 1467 $coderef = $dispatch_table->{$_}
1468 and last;
1469 }
1470
1471 puke "no dispatch entry for ".$self->_refkind($data)
1472 unless $coderef;
1473
96449e8e 1474 $coderef->();
1475}
1476
1477
1478
1479
1480#======================================================================
1481# VALUES, GENERATE, AUTOLOAD
1482#======================================================================
1483
1484# LDNOTE: original code from nwiger, didn't touch code in that section
1485# I feel the AUTOLOAD stuff should not be the default, it should
1486# only be activated on explicit demand by user.
1487
1488sub values {
1489 my $self = shift;
1490 my $data = shift || return;
1491 puke "Argument to ", __PACKAGE__, "->values must be a \\%hash"
1492 unless ref $data eq 'HASH';
bab725ce 1493
1494 my @all_bind;
1495 foreach my $k ( sort keys %$data ) {
1496 my $v = $data->{$k};
1497 $self->_SWITCH_refkind($v, {
9d48860e 1498 ARRAYREF => sub {
bab725ce 1499 if ($self->{array_datatypes}) { # array datatype
1500 push @all_bind, $self->_bindtype($k, $v);
1501 }
1502 else { # literal SQL with bind
1503 my ($sql, @bind) = @$v;
1504 $self->_assert_bindval_matches_bindtype(@bind);
1505 push @all_bind, @bind;
1506 }
1507 },
1508 ARRAYREFREF => sub { # literal SQL with bind
1509 my ($sql, @bind) = @${$v};
1510 $self->_assert_bindval_matches_bindtype(@bind);
1511 push @all_bind, @bind;
1512 },
1513 SCALARREF => sub { # literal SQL without bind
1514 },
1515 SCALAR_or_UNDEF => sub {
1516 push @all_bind, $self->_bindtype($k, $v);
1517 },
1518 });
1519 }
1520
1521 return @all_bind;
96449e8e 1522}
1523
1524sub generate {
1525 my $self = shift;
1526
1527 my(@sql, @sqlq, @sqlv);
1528
1529 for (@_) {
1530 my $ref = ref $_;
1531 if ($ref eq 'HASH') {
1532 for my $k (sort keys %$_) {
1533 my $v = $_->{$k};
1534 my $r = ref $v;
1535 my $label = $self->_quote($k);
1536 if ($r eq 'ARRAY') {
fe3ae272 1537 # literal SQL with bind
1538 my ($sql, @bind) = @$v;
1539 $self->_assert_bindval_matches_bindtype(@bind);
96449e8e 1540 push @sqlq, "$label = $sql";
fe3ae272 1541 push @sqlv, @bind;
96449e8e 1542 } elsif ($r eq 'SCALAR') {
fe3ae272 1543 # literal SQL without bind
96449e8e 1544 push @sqlq, "$label = $$v";
9d48860e 1545 } else {
96449e8e 1546 push @sqlq, "$label = ?";
1547 push @sqlv, $self->_bindtype($k, $v);
1548 }
1549 }
1550 push @sql, $self->_sqlcase('set'), join ', ', @sqlq;
1551 } elsif ($ref eq 'ARRAY') {
1552 # unlike insert(), assume these are ONLY the column names, i.e. for SQL
1553 for my $v (@$_) {
1554 my $r = ref $v;
fe3ae272 1555 if ($r eq 'ARRAY') { # literal SQL with bind
1556 my ($sql, @bind) = @$v;
1557 $self->_assert_bindval_matches_bindtype(@bind);
1558 push @sqlq, $sql;
1559 push @sqlv, @bind;
1560 } elsif ($r eq 'SCALAR') { # literal SQL without bind
96449e8e 1561 # embedded literal SQL
1562 push @sqlq, $$v;
9d48860e 1563 } else {
96449e8e 1564 push @sqlq, '?';
1565 push @sqlv, $v;
1566 }
1567 }
1568 push @sql, '(' . join(', ', @sqlq) . ')';
1569 } elsif ($ref eq 'SCALAR') {
1570 # literal SQL
1571 push @sql, $$_;
1572 } else {
1573 # strings get case twiddled
1574 push @sql, $self->_sqlcase($_);
1575 }
1576 }
1577
1578 my $sql = join ' ', @sql;
1579
1580 # this is pretty tricky
1581 # if ask for an array, return ($stmt, @bind)
1582 # otherwise, s/?/shift @sqlv/ to put it inline
1583 if (wantarray) {
1584 return ($sql, @sqlv);
1585 } else {
1586 1 while $sql =~ s/\?/my $d = shift(@sqlv);
1587 ref $d ? $d->[1] : $d/e;
1588 return $sql;
1589 }
1590}
1591
1592
1593sub DESTROY { 1 }
1594
1595sub AUTOLOAD {
1596 # This allows us to check for a local, then _form, attr
1597 my $self = shift;
1598 my($name) = $AUTOLOAD =~ /.*::(.+)/;
1599 return $self->generate($name, @_);
1600}
1601
16021;
1603
1604
1605
1606__END__
32eab2da 1607
1608=head1 NAME
1609
1610SQL::Abstract - Generate SQL from Perl data structures
1611
1612=head1 SYNOPSIS
1613
1614 use SQL::Abstract;
1615
1616 my $sql = SQL::Abstract->new;
1617
521647e7 1618 my($stmt, @bind) = $sql->select($source, \@fields, \%where, \@order);
32eab2da 1619
1620 my($stmt, @bind) = $sql->insert($table, \%fieldvals || \@values);
1621
1622 my($stmt, @bind) = $sql->update($table, \%fieldvals, \%where);
1623
1624 my($stmt, @bind) = $sql->delete($table, \%where);
1625
1626 # Then, use these in your DBI statements
1627 my $sth = $dbh->prepare($stmt);
1628 $sth->execute(@bind);
1629
1630 # Just generate the WHERE clause
abe72f94 1631 my($stmt, @bind) = $sql->where(\%where, \@order);
32eab2da 1632
1633 # Return values in the same order, for hashed queries
1634 # See PERFORMANCE section for more details
1635 my @bind = $sql->values(\%fieldvals);
1636
1637=head1 DESCRIPTION
1638
1639This module was inspired by the excellent L<DBIx::Abstract>.
1640However, in using that module I found that what I really wanted
1641to do was generate SQL, but still retain complete control over my
1642statement handles and use the DBI interface. So, I set out to
1643create an abstract SQL generation module.
1644
1645While based on the concepts used by L<DBIx::Abstract>, there are
1646several important differences, especially when it comes to WHERE
1647clauses. I have modified the concepts used to make the SQL easier
1648to generate from Perl data structures and, IMO, more intuitive.
1649The underlying idea is for this module to do what you mean, based
1650on the data structures you provide it. The big advantage is that
1651you don't have to modify your code every time your data changes,
1652as this module figures it out.
1653
1654To begin with, an SQL INSERT is as easy as just specifying a hash
1655of C<key=value> pairs:
1656
1657 my %data = (
1658 name => 'Jimbo Bobson',
1659 phone => '123-456-7890',
1660 address => '42 Sister Lane',
1661 city => 'St. Louis',
1662 state => 'Louisiana',
1663 );
1664
1665The SQL can then be generated with this:
1666
1667 my($stmt, @bind) = $sql->insert('people', \%data);
1668
1669Which would give you something like this:
1670
1671 $stmt = "INSERT INTO people
1672 (address, city, name, phone, state)
1673 VALUES (?, ?, ?, ?, ?)";
1674 @bind = ('42 Sister Lane', 'St. Louis', 'Jimbo Bobson',
1675 '123-456-7890', 'Louisiana');
1676
1677These are then used directly in your DBI code:
1678
1679 my $sth = $dbh->prepare($stmt);
1680 $sth->execute(@bind);
1681
96449e8e 1682=head2 Inserting and Updating Arrays
1683
1684If your database has array types (like for example Postgres),
1685activate the special option C<< array_datatypes => 1 >>
9d48860e 1686when creating the C<SQL::Abstract> object.
96449e8e 1687Then you may use an arrayref to insert and update database array types:
1688
1689 my $sql = SQL::Abstract->new(array_datatypes => 1);
1690 my %data = (
1691 planets => [qw/Mercury Venus Earth Mars/]
1692 );
9d48860e 1693
96449e8e 1694 my($stmt, @bind) = $sql->insert('solar_system', \%data);
1695
1696This results in:
1697
1698 $stmt = "INSERT INTO solar_system (planets) VALUES (?)"
1699
1700 @bind = (['Mercury', 'Venus', 'Earth', 'Mars']);
1701
1702
1703=head2 Inserting and Updating SQL
1704
1705In order to apply SQL functions to elements of your C<%data> you may
1706specify a reference to an arrayref for the given hash value. For example,
1707if you need to execute the Oracle C<to_date> function on a value, you can
1708say something like this:
32eab2da 1709
1710 my %data = (
1711 name => 'Bill',
96449e8e 1712 date_entered => \["to_date(?,'MM/DD/YYYY')", "03/02/2003"],
9d48860e 1713 );
32eab2da 1714
1715The first value in the array is the actual SQL. Any other values are
1716optional and would be included in the bind values array. This gives
1717you:
1718
1719 my($stmt, @bind) = $sql->insert('people', \%data);
1720
9d48860e 1721 $stmt = "INSERT INTO people (name, date_entered)
32eab2da 1722 VALUES (?, to_date(?,'MM/DD/YYYY'))";
1723 @bind = ('Bill', '03/02/2003');
1724
1725An UPDATE is just as easy, all you change is the name of the function:
1726
1727 my($stmt, @bind) = $sql->update('people', \%data);
1728
1729Notice that your C<%data> isn't touched; the module will generate
1730the appropriately quirky SQL for you automatically. Usually you'll
1731want to specify a WHERE clause for your UPDATE, though, which is
1732where handling C<%where> hashes comes in handy...
1733
96449e8e 1734=head2 Complex where statements
1735
32eab2da 1736This module can generate pretty complicated WHERE statements
1737easily. For example, simple C<key=value> pairs are taken to mean
1738equality, and if you want to see if a field is within a set
1739of values, you can use an arrayref. Let's say we wanted to
1740SELECT some data based on this criteria:
1741
1742 my %where = (
1743 requestor => 'inna',
1744 worker => ['nwiger', 'rcwe', 'sfz'],
1745 status => { '!=', 'completed' }
1746 );
1747
1748 my($stmt, @bind) = $sql->select('tickets', '*', \%where);
1749
1750The above would give you something like this:
1751
1752 $stmt = "SELECT * FROM tickets WHERE
1753 ( requestor = ? ) AND ( status != ? )
1754 AND ( worker = ? OR worker = ? OR worker = ? )";
1755 @bind = ('inna', 'completed', 'nwiger', 'rcwe', 'sfz');
1756
1757Which you could then use in DBI code like so:
1758
1759 my $sth = $dbh->prepare($stmt);
1760 $sth->execute(@bind);
1761
1762Easy, eh?
1763
0da0fe34 1764=head1 METHODS
32eab2da 1765
0da0fe34 1766The methods are simple. There's one for each major SQL operation,
32eab2da 1767and a constructor you use first. The arguments are specified in a
0da0fe34 1768similar order to each method (table, then fields, then a where
32eab2da 1769clause) to try and simplify things.
1770
32eab2da 1771=head2 new(option => 'value')
1772
1773The C<new()> function takes a list of options and values, and returns
1774a new B<SQL::Abstract> object which can then be used to generate SQL
1775through the methods below. The options accepted are:
1776
1777=over
1778
1779=item case
1780
1781If set to 'lower', then SQL will be generated in all lowercase. By
1782default SQL is generated in "textbook" case meaning something like:
1783
1784 SELECT a_field FROM a_table WHERE some_field LIKE '%someval%'
1785
96449e8e 1786Any setting other than 'lower' is ignored.
1787
32eab2da 1788=item cmp
1789
1790This determines what the default comparison operator is. By default
1791it is C<=>, meaning that a hash like this:
1792
1793 %where = (name => 'nwiger', email => 'nate@wiger.org');
1794
1795Will generate SQL like this:
1796
1797 WHERE name = 'nwiger' AND email = 'nate@wiger.org'
1798
1799However, you may want loose comparisons by default, so if you set
1800C<cmp> to C<like> you would get SQL such as:
1801
1802 WHERE name like 'nwiger' AND email like 'nate@wiger.org'
1803
3af02ccb 1804You can also override the comparison on an individual basis - see
32eab2da 1805the huge section on L</"WHERE CLAUSES"> at the bottom.
1806
96449e8e 1807=item sqltrue, sqlfalse
1808
1809Expressions for inserting boolean values within SQL statements.
6e0c6552 1810By default these are C<1=1> and C<1=0>. They are used
1811by the special operators C<-in> and C<-not_in> for generating
1812correct SQL even when the argument is an empty array (see below).
96449e8e 1813
32eab2da 1814=item logic
1815
1816This determines the default logical operator for multiple WHERE
7cac25e6 1817statements in arrays or hashes. If absent, the default logic is "or"
1818for arrays, and "and" for hashes. This means that a WHERE
32eab2da 1819array of the form:
1820
1821 @where = (
9d48860e 1822 event_date => {'>=', '2/13/99'},
1823 event_date => {'<=', '4/24/03'},
32eab2da 1824 );
1825
7cac25e6 1826will generate SQL like this:
32eab2da 1827
1828 WHERE event_date >= '2/13/99' OR event_date <= '4/24/03'
1829
1830This is probably not what you want given this query, though (look
1831at the dates). To change the "OR" to an "AND", simply specify:
1832
1833 my $sql = SQL::Abstract->new(logic => 'and');
1834
1835Which will change the above C<WHERE> to:
1836
1837 WHERE event_date >= '2/13/99' AND event_date <= '4/24/03'
1838
96449e8e 1839The logic can also be changed locally by inserting
7cac25e6 1840a modifier in front of an arrayref :
96449e8e 1841
9d48860e 1842 @where = (-and => [event_date => {'>=', '2/13/99'},
7cac25e6 1843 event_date => {'<=', '4/24/03'} ]);
96449e8e 1844
1845See the L</"WHERE CLAUSES"> section for explanations.
1846
32eab2da 1847=item convert
1848
1849This will automatically convert comparisons using the specified SQL
1850function for both column and value. This is mostly used with an argument
1851of C<upper> or C<lower>, so that the SQL will have the effect of
1852case-insensitive "searches". For example, this:
1853
1854 $sql = SQL::Abstract->new(convert => 'upper');
1855 %where = (keywords => 'MaKe iT CAse inSeNSItive');
1856
1857Will turn out the following SQL:
1858
1859 WHERE upper(keywords) like upper('MaKe iT CAse inSeNSItive')
1860
1861The conversion can be C<upper()>, C<lower()>, or any other SQL function
1862that can be applied symmetrically to fields (actually B<SQL::Abstract> does
1863not validate this option; it will just pass through what you specify verbatim).
1864
1865=item bindtype
1866
1867This is a kludge because many databases suck. For example, you can't
1868just bind values using DBI's C<execute()> for Oracle C<CLOB> or C<BLOB> fields.
1869Instead, you have to use C<bind_param()>:
1870
1871 $sth->bind_param(1, 'reg data');
1872 $sth->bind_param(2, $lots, {ora_type => ORA_CLOB});
1873
1874The problem is, B<SQL::Abstract> will normally just return a C<@bind> array,
1875which loses track of which field each slot refers to. Fear not.
1876
1877If you specify C<bindtype> in new, you can determine how C<@bind> is returned.
1878Currently, you can specify either C<normal> (default) or C<columns>. If you
1879specify C<columns>, you will get an array that looks like this:
1880
1881 my $sql = SQL::Abstract->new(bindtype => 'columns');
1882 my($stmt, @bind) = $sql->insert(...);
1883
1884 @bind = (
1885 [ 'column1', 'value1' ],
1886 [ 'column2', 'value2' ],
1887 [ 'column3', 'value3' ],
1888 );
1889
1890You can then iterate through this manually, using DBI's C<bind_param()>.
e3f9dff4 1891
32eab2da 1892 $sth->prepare($stmt);
1893 my $i = 1;
1894 for (@bind) {
1895 my($col, $data) = @$_;
1896 if ($col eq 'details' || $col eq 'comments') {
1897 $sth->bind_param($i, $data, {ora_type => ORA_CLOB});
1898 } elsif ($col eq 'image') {
1899 $sth->bind_param($i, $data, {ora_type => ORA_BLOB});
1900 } else {
1901 $sth->bind_param($i, $data);
1902 }
1903 $i++;
1904 }
1905 $sth->execute; # execute without @bind now
1906
1907Now, why would you still use B<SQL::Abstract> if you have to do this crap?
1908Basically, the advantage is still that you don't have to care which fields
1909are or are not included. You could wrap that above C<for> loop in a simple
1910sub called C<bind_fields()> or something and reuse it repeatedly. You still
1911get a layer of abstraction over manual SQL specification.
1912
deb148a2 1913Note that if you set L</bindtype> to C<columns>, the C<\[$sql, @bind]>
1914construct (see L</Literal SQL with placeholders and bind values (subqueries)>)
1915will expect the bind values in this format.
1916
32eab2da 1917=item quote_char
1918
1919This is the character that a table or column name will be quoted
9d48860e 1920with. By default this is an empty string, but you could set it to
32eab2da 1921the character C<`>, to generate SQL like this:
1922
1923 SELECT `a_field` FROM `a_table` WHERE `some_field` LIKE '%someval%'
1924
96449e8e 1925Alternatively, you can supply an array ref of two items, the first being the left
1926hand quote character, and the second the right hand quote character. For
1927example, you could supply C<['[',']']> for SQL Server 2000 compliant quotes
1928that generates SQL like this:
1929
1930 SELECT [a_field] FROM [a_table] WHERE [some_field] LIKE '%someval%'
1931
9d48860e 1932Quoting is useful if you have tables or columns names that are reserved
96449e8e 1933words in your database's SQL dialect.
32eab2da 1934
46be4313 1935=item escape_char
1936
1937This is the character that will be used to escape L</quote_char>s appearing
1938in an identifier before it has been quoted.
1939
1940The paramter default in case of a single L</quote_char> character is the quote
1941character itself.
1942
1943When opening-closing-style quoting is used (L</quote_char> is an arrayref)
1944this parameter defaults to the B<closing (right)> L</quote_char>. Occurences
1945of the B<opening (left)> L</quote_char> within the identifier are currently left
1946untouched. The default for opening-closing-style quotes may change in future
1947versions, thus you are B<strongly encouraged> to specify the escape character
1948explicitly.
1949
32eab2da 1950=item name_sep
1951
1952This is the character that separates a table and column name. It is
1953necessary to specify this when the C<quote_char> option is selected,
1954so that tables and column names can be individually quoted like this:
1955
1956 SELECT `table`.`one_field` FROM `table` WHERE `table`.`other_field` = 1
1957
b6251592 1958=item injection_guard
1959
1960A regular expression C<qr/.../> that is applied to any C<-function> and unquoted
1961column name specified in a query structure. This is a safety mechanism to avoid
1962injection attacks when mishandling user input e.g.:
1963
1964 my %condition_as_column_value_pairs = get_values_from_user();
1965 $sqla->select( ... , \%condition_as_column_value_pairs );
1966
1967If the expression matches an exception is thrown. Note that literal SQL
1968supplied via C<\'...'> or C<\['...']> is B<not> checked in any way.
1969
1970Defaults to checking for C<;> and the C<GO> keyword (TransactSQL)
1971
96449e8e 1972=item array_datatypes
32eab2da 1973
9d48860e 1974When this option is true, arrayrefs in INSERT or UPDATE are
1975interpreted as array datatypes and are passed directly
96449e8e 1976to the DBI layer.
1977When this option is false, arrayrefs are interpreted
1978as literal SQL, just like refs to arrayrefs
1979(but this behavior is for backwards compatibility; when writing
1980new queries, use the "reference to arrayref" syntax
1981for literal SQL).
32eab2da 1982
32eab2da 1983
96449e8e 1984=item special_ops
32eab2da 1985
9d48860e 1986Takes a reference to a list of "special operators"
96449e8e 1987to extend the syntax understood by L<SQL::Abstract>.
1988See section L</"SPECIAL OPERATORS"> for details.
32eab2da 1989
59f23b3d 1990=item unary_ops
1991
9d48860e 1992Takes a reference to a list of "unary operators"
59f23b3d 1993to extend the syntax understood by L<SQL::Abstract>.
1994See section L</"UNARY OPERATORS"> for details.
1995
32eab2da 1996
32eab2da 1997
96449e8e 1998=back
32eab2da 1999
02288357 2000=head2 insert($table, \@values || \%fieldvals, \%options)
32eab2da 2001
2002This is the simplest function. You simply give it a table name
2003and either an arrayref of values or hashref of field/value pairs.
2004It returns an SQL INSERT statement and a list of bind values.
96449e8e 2005See the sections on L</"Inserting and Updating Arrays"> and
2006L</"Inserting and Updating SQL"> for information on how to insert
2007with those data types.
32eab2da 2008
02288357 2009The optional C<\%options> hash reference may contain additional
2010options to generate the insert SQL. Currently supported options
2011are:
2012
2013=over 4
2014
2015=item returning
2016
2017Takes either a scalar of raw SQL fields, or an array reference of
2018field names, and adds on an SQL C<RETURNING> statement at the end.
2019This allows you to return data generated by the insert statement
2020(such as row IDs) without performing another C<SELECT> statement.
2021Note, however, this is not part of the SQL standard and may not
2022be supported by all database engines.
2023
2024=back
2025
32eab2da 2026=head2 update($table, \%fieldvals, \%where)
2027
2028This takes a table, hashref of field/value pairs, and an optional
86298391 2029hashref L<WHERE clause|/WHERE CLAUSES>. It returns an SQL UPDATE function and a list
32eab2da 2030of bind values.
96449e8e 2031See the sections on L</"Inserting and Updating Arrays"> and
2032L</"Inserting and Updating SQL"> for information on how to insert
2033with those data types.
32eab2da 2034
96449e8e 2035=head2 select($source, $fields, $where, $order)
32eab2da 2036
9d48860e 2037This returns a SQL SELECT statement and associated list of bind values, as
96449e8e 2038specified by the arguments :
32eab2da 2039
96449e8e 2040=over
32eab2da 2041
96449e8e 2042=item $source
32eab2da 2043
9d48860e 2044Specification of the 'FROM' part of the statement.
96449e8e 2045The argument can be either a plain scalar (interpreted as a table
2046name, will be quoted), or an arrayref (interpreted as a list
2047of table names, joined by commas, quoted), or a scalarref
2048(literal table name, not quoted), or a ref to an arrayref
2049(list of literal table names, joined by commas, not quoted).
32eab2da 2050
96449e8e 2051=item $fields
32eab2da 2052
9d48860e 2053Specification of the list of fields to retrieve from
96449e8e 2054the source.
2055The argument can be either an arrayref (interpreted as a list
9d48860e 2056of field names, will be joined by commas and quoted), or a
96449e8e 2057plain scalar (literal SQL, not quoted).
521647e7 2058Please observe that this API is not as flexible as that of
2059the first argument C<$source>, for backwards compatibility reasons.
32eab2da 2060
96449e8e 2061=item $where
32eab2da 2062
96449e8e 2063Optional argument to specify the WHERE part of the query.
2064The argument is most often a hashref, but can also be
9d48860e 2065an arrayref or plain scalar --
96449e8e 2066see section L<WHERE clause|/"WHERE CLAUSES"> for details.
32eab2da 2067
96449e8e 2068=item $order
32eab2da 2069
96449e8e 2070Optional argument to specify the ORDER BY part of the query.
9d48860e 2071The argument can be a scalar, a hashref or an arrayref
96449e8e 2072-- see section L<ORDER BY clause|/"ORDER BY CLAUSES">
2073for details.
32eab2da 2074
96449e8e 2075=back
32eab2da 2076
32eab2da 2077
2078=head2 delete($table, \%where)
2079
86298391 2080This takes a table name and optional hashref L<WHERE clause|/WHERE CLAUSES>.
32eab2da 2081It returns an SQL DELETE statement and list of bind values.
2082
32eab2da 2083=head2 where(\%where, \@order)
2084
2085This is used to generate just the WHERE clause. For example,
2086if you have an arbitrary data structure and know what the
2087rest of your SQL is going to look like, but want an easy way
2088to produce a WHERE clause, use this. It returns an SQL WHERE
2089clause and list of bind values.
2090
32eab2da 2091
2092=head2 values(\%data)
2093
2094This just returns the values from the hash C<%data>, in the same
2095order that would be returned from any of the other above queries.
2096Using this allows you to markedly speed up your queries if you
2097are affecting lots of rows. See below under the L</"PERFORMANCE"> section.
2098
32eab2da 2099=head2 generate($any, 'number', $of, \@data, $struct, \%types)
2100
2101Warning: This is an experimental method and subject to change.
2102
2103This returns arbitrarily generated SQL. It's a really basic shortcut.
2104It will return two different things, depending on return context:
2105
2106 my($stmt, @bind) = $sql->generate('create table', \$table, \@fields);
2107 my $stmt_and_val = $sql->generate('create table', \$table, \@fields);
2108
2109These would return the following:
2110
2111 # First calling form
2112 $stmt = "CREATE TABLE test (?, ?)";
2113 @bind = (field1, field2);
2114
2115 # Second calling form
2116 $stmt_and_val = "CREATE TABLE test (field1, field2)";
2117
2118Depending on what you're trying to do, it's up to you to choose the correct
2119format. In this example, the second form is what you would want.
2120
2121By the same token:
2122
2123 $sql->generate('alter session', { nls_date_format => 'MM/YY' });
2124
2125Might give you:
2126
2127 ALTER SESSION SET nls_date_format = 'MM/YY'
2128
2129You get the idea. Strings get their case twiddled, but everything
2130else remains verbatim.
2131
0da0fe34 2132=head1 EXPORTABLE FUNCTIONS
2133
2134=head2 is_plain_value
2135
2136Determines if the supplied argument is a plain value as understood by this
2137module:
2138
2139=over
2140
2141=item * The value is C<undef>
2142
2143=item * The value is a non-reference
2144
2145=item * The value is an object with stringification overloading
2146
2147=item * The value is of the form C<< { -value => $anything } >>
2148
2149=back
2150
2151On failure returns C<undef>, on sucess returns a reference to a single
2152element array containing the string-version of the supplied argument or
2153C<[ undef ]> in case of an undefined initial argument.
2154
2155=head2 is_literal_value
2156
2157Determines if the supplied argument is a literal value as understood by this
2158module:
2159
2160=over
2161
2162=item * C<\$sql_string>
2163
2164=item * C<\[ $sql_string, @bind_values ]>
2165
2166=item * C<< { -ident => $plain_defined_string } >>
2167
2168=back
2169
2170On failure returns C<undef>, on sucess returns a reference to an array
2171cotaining the unpacked version of the supplied literal SQL and bind values.
2172
32eab2da 2173=head1 WHERE CLAUSES
2174
96449e8e 2175=head2 Introduction
2176
32eab2da 2177This module uses a variation on the idea from L<DBIx::Abstract>. It
2178is B<NOT>, repeat I<not> 100% compatible. B<The main logic of this
2179module is that things in arrays are OR'ed, and things in hashes
2180are AND'ed.>
2181
2182The easiest way to explain is to show lots of examples. After
2183each C<%where> hash shown, it is assumed you used:
2184
2185 my($stmt, @bind) = $sql->where(\%where);
2186
2187However, note that the C<%where> hash can be used directly in any
2188of the other functions as well, as described above.
2189
96449e8e 2190=head2 Key-value pairs
2191
32eab2da 2192So, let's get started. To begin, a simple hash:
2193
2194 my %where = (
2195 user => 'nwiger',
2196 status => 'completed'
2197 );
2198
2199Is converted to SQL C<key = val> statements:
2200
2201 $stmt = "WHERE user = ? AND status = ?";
2202 @bind = ('nwiger', 'completed');
2203
2204One common thing I end up doing is having a list of values that
2205a field can be in. To do this, simply specify a list inside of
2206an arrayref:
2207
2208 my %where = (
2209 user => 'nwiger',
2210 status => ['assigned', 'in-progress', 'pending'];
2211 );
2212
2213This simple code will create the following:
9d48860e 2214
32eab2da 2215 $stmt = "WHERE user = ? AND ( status = ? OR status = ? OR status = ? )";
2216 @bind = ('nwiger', 'assigned', 'in-progress', 'pending');
2217
9d48860e 2218A field associated to an empty arrayref will be considered a
7cac25e6 2219logical false and will generate 0=1.
8a68b5be 2220
b864ba9b 2221=head2 Tests for NULL values
2222
2223If the value part is C<undef> then this is converted to SQL <IS NULL>
2224
2225 my %where = (
2226 user => 'nwiger',
2227 status => undef,
2228 );
2229
2230becomes:
2231
2232 $stmt = "WHERE user = ? AND status IS NULL";
2233 @bind = ('nwiger');
2234
e9614080 2235To test if a column IS NOT NULL:
2236
2237 my %where = (
2238 user => 'nwiger',
2239 status => { '!=', undef },
2240 );
cc422895 2241
6e0c6552 2242=head2 Specific comparison operators
96449e8e 2243
32eab2da 2244If you want to specify a different type of operator for your comparison,
2245you can use a hashref for a given column:
2246
2247 my %where = (
2248 user => 'nwiger',
2249 status => { '!=', 'completed' }
2250 );
2251
2252Which would generate:
2253
2254 $stmt = "WHERE user = ? AND status != ?";
2255 @bind = ('nwiger', 'completed');
2256
2257To test against multiple values, just enclose the values in an arrayref:
2258
96449e8e 2259 status => { '=', ['assigned', 'in-progress', 'pending'] };
2260
f2d5020d 2261Which would give you:
96449e8e 2262
2263 "WHERE status = ? OR status = ? OR status = ?"
2264
2265
2266The hashref can also contain multiple pairs, in which case it is expanded
32eab2da 2267into an C<AND> of its elements:
2268
2269 my %where = (
2270 user => 'nwiger',
2271 status => { '!=', 'completed', -not_like => 'pending%' }
2272 );
2273
2274 # Or more dynamically, like from a form
2275 $where{user} = 'nwiger';
2276 $where{status}{'!='} = 'completed';
2277 $where{status}{'-not_like'} = 'pending%';
2278
2279 # Both generate this
2280 $stmt = "WHERE user = ? AND status != ? AND status NOT LIKE ?";
2281 @bind = ('nwiger', 'completed', 'pending%');
2282
96449e8e 2283
32eab2da 2284To get an OR instead, you can combine it with the arrayref idea:
2285
2286 my %where => (
2287 user => 'nwiger',
1a6f2a03 2288 priority => [ { '=', 2 }, { '>', 5 } ]
32eab2da 2289 );
2290
2291Which would generate:
2292
1a6f2a03 2293 $stmt = "WHERE ( priority = ? OR priority > ? ) AND user = ?";
2294 @bind = ('2', '5', 'nwiger');
32eab2da 2295
44b9e502 2296If you want to include literal SQL (with or without bind values), just use a
2297scalar reference or array reference as the value:
2298
2299 my %where = (
2300 date_entered => { '>' => \["to_date(?, 'MM/DD/YYYY')", "11/26/2008"] },
2301 date_expires => { '<' => \"now()" }
2302 );
2303
2304Which would generate:
2305
2306 $stmt = "WHERE date_entered > "to_date(?, 'MM/DD/YYYY') AND date_expires < now()";
2307 @bind = ('11/26/2008');
2308
96449e8e 2309
2310=head2 Logic and nesting operators
2311
2312In the example above,
2313there is a subtle trap if you want to say something like
32eab2da 2314this (notice the C<AND>):
2315
2316 WHERE priority != ? AND priority != ?
2317
2318Because, in Perl you I<can't> do this:
2319
2320 priority => { '!=', 2, '!=', 1 }
2321
2322As the second C<!=> key will obliterate the first. The solution
2323is to use the special C<-modifier> form inside an arrayref:
2324
9d48860e 2325 priority => [ -and => {'!=', 2},
96449e8e 2326 {'!=', 1} ]
2327
32eab2da 2328
2329Normally, these would be joined by C<OR>, but the modifier tells it
2330to use C<AND> instead. (Hint: You can use this in conjunction with the
2331C<logic> option to C<new()> in order to change the way your queries
2332work by default.) B<Important:> Note that the C<-modifier> goes
2333B<INSIDE> the arrayref, as an extra first element. This will
2334B<NOT> do what you think it might:
2335
2336 priority => -and => [{'!=', 2}, {'!=', 1}] # WRONG!
2337
2338Here is a quick list of equivalencies, since there is some overlap:
2339
2340 # Same
2341 status => {'!=', 'completed', 'not like', 'pending%' }
2342 status => [ -and => {'!=', 'completed'}, {'not like', 'pending%'}]
2343
2344 # Same
2345 status => {'=', ['assigned', 'in-progress']}
2346 status => [ -or => {'=', 'assigned'}, {'=', 'in-progress'}]
2347 status => [ {'=', 'assigned'}, {'=', 'in-progress'} ]
2348
e3f9dff4 2349
2350
96449e8e 2351=head2 Special operators : IN, BETWEEN, etc.
2352
32eab2da 2353You can also use the hashref format to compare a list of fields using the
2354C<IN> comparison operator, by specifying the list as an arrayref:
2355
2356 my %where = (
2357 status => 'completed',
2358 reportid => { -in => [567, 2335, 2] }
2359 );
2360
2361Which would generate:
2362
2363 $stmt = "WHERE status = ? AND reportid IN (?,?,?)";
2364 @bind = ('completed', '567', '2335', '2');
2365
9d48860e 2366The reverse operator C<-not_in> generates SQL C<NOT IN> and is used in
96449e8e 2367the same way.
2368
6e0c6552 2369If the argument to C<-in> is an empty array, 'sqlfalse' is generated
2370(by default : C<1=0>). Similarly, C<< -not_in => [] >> generates
2371'sqltrue' (by default : C<1=1>).
2372
e41c3bdd 2373In addition to the array you can supply a chunk of literal sql or
2374literal sql with bind:
6e0c6552 2375
e41c3bdd 2376 my %where = {
2377 customer => { -in => \[
2378 'SELECT cust_id FROM cust WHERE balance > ?',
2379 2000,
2380 ],
2381 status => { -in => \'SELECT status_codes FROM states' },
2382 };
6e0c6552 2383
e41c3bdd 2384would generate:
2385
2386 $stmt = "WHERE (
2387 customer IN ( SELECT cust_id FROM cust WHERE balance > ? )
2388 AND status IN ( SELECT status_codes FROM states )
2389 )";
2390 @bind = ('2000');
2391
0dfd2442 2392Finally, if the argument to C<-in> is not a reference, it will be
2393treated as a single-element array.
e41c3bdd 2394
2395Another pair of operators is C<-between> and C<-not_between>,
96449e8e 2396used with an arrayref of two values:
32eab2da 2397
2398 my %where = (
2399 user => 'nwiger',
2400 completion_date => {
2401 -not_between => ['2002-10-01', '2003-02-06']
2402 }
2403 );
2404
2405Would give you:
2406
2407 WHERE user = ? AND completion_date NOT BETWEEN ( ? AND ? )
2408
e41c3bdd 2409Just like with C<-in> all plausible combinations of literal SQL
2410are possible:
2411
2412 my %where = {
2413 start0 => { -between => [ 1, 2 ] },
2414 start1 => { -between => \["? AND ?", 1, 2] },
2415 start2 => { -between => \"lower(x) AND upper(y)" },
9d48860e 2416 start3 => { -between => [
e41c3bdd 2417 \"lower(x)",
2418 \["upper(?)", 'stuff' ],
2419 ] },
2420 };
2421
2422Would give you:
2423
2424 $stmt = "WHERE (
2425 ( start0 BETWEEN ? AND ? )
2426 AND ( start1 BETWEEN ? AND ? )
2427 AND ( start2 BETWEEN lower(x) AND upper(y) )
2428 AND ( start3 BETWEEN lower(x) AND upper(?) )
2429 )";
2430 @bind = (1, 2, 1, 2, 'stuff');
2431
2432
9d48860e 2433These are the two builtin "special operators"; but the
96449e8e 2434list can be expanded : see section L</"SPECIAL OPERATORS"> below.
2435
59f23b3d 2436=head2 Unary operators: bool
97a920ef 2437
2438If you wish to test against boolean columns or functions within your
2439database you can use the C<-bool> and C<-not_bool> operators. For
2440example to test the column C<is_user> being true and the column
827bb0eb 2441C<is_enabled> being false you would use:-
97a920ef 2442
2443 my %where = (
2444 -bool => 'is_user',
2445 -not_bool => 'is_enabled',
2446 );
2447
2448Would give you:
2449
277b5d3f 2450 WHERE is_user AND NOT is_enabled
97a920ef 2451
0b604e9d 2452If a more complex combination is required, testing more conditions,
2453then you should use the and/or operators:-
2454
2455 my %where = (
2456 -and => [
2457 -bool => 'one',
23401b81 2458 -not_bool => { two=> { -rlike => 'bar' } },
2459 -not_bool => { three => [ { '=', 2 }, { '>', 5 } ] },
0b604e9d 2460 ],
2461 );
2462
2463Would give you:
2464
23401b81 2465 WHERE
2466 one
2467 AND
2468 (NOT two RLIKE ?)
2469 AND
2470 (NOT ( three = ? OR three > ? ))
97a920ef 2471
2472
107b72f1 2473=head2 Nested conditions, -and/-or prefixes
96449e8e 2474
32eab2da 2475So far, we've seen how multiple conditions are joined with a top-level
2476C<AND>. We can change this by putting the different conditions we want in
2477hashes and then putting those hashes in an array. For example:
2478
2479 my @where = (
2480 {
2481 user => 'nwiger',
2482 status => { -like => ['pending%', 'dispatched'] },
2483 },
2484 {
2485 user => 'robot',
2486 status => 'unassigned',
2487 }
2488 );
2489
2490This data structure would create the following:
2491
2492 $stmt = "WHERE ( user = ? AND ( status LIKE ? OR status LIKE ? ) )
2493 OR ( user = ? AND status = ? ) )";
2494 @bind = ('nwiger', 'pending', 'dispatched', 'robot', 'unassigned');
2495
107b72f1 2496
48d9f5f8 2497Clauses in hashrefs or arrayrefs can be prefixed with an C<-and> or C<-or>
2498to change the logic inside :
32eab2da 2499
2500 my @where = (
2501 -and => [
2502 user => 'nwiger',
48d9f5f8 2503 [
2504 -and => [ workhrs => {'>', 20}, geo => 'ASIA' ],
2505 -or => { workhrs => {'<', 50}, geo => 'EURO' },
32eab2da 2506 ],
2507 ],
2508 );
2509
2510That would yield:
2511
48d9f5f8 2512 WHERE ( user = ? AND (
2513 ( workhrs > ? AND geo = ? )
2514 OR ( workhrs < ? OR geo = ? )
2515 ) )
107b72f1 2516
cc422895 2517=head3 Algebraic inconsistency, for historical reasons
107b72f1 2518
7cac25e6 2519C<Important note>: when connecting several conditions, the C<-and->|C<-or>
2520operator goes C<outside> of the nested structure; whereas when connecting
2521several constraints on one column, the C<-and> operator goes
2522C<inside> the arrayref. Here is an example combining both features :
2523
2524 my @where = (
2525 -and => [a => 1, b => 2],
2526 -or => [c => 3, d => 4],
2527 e => [-and => {-like => 'foo%'}, {-like => '%bar'} ]
2528 )
2529
2530yielding
2531
9d48860e 2532 WHERE ( ( ( a = ? AND b = ? )
2533 OR ( c = ? OR d = ? )
7cac25e6 2534 OR ( e LIKE ? AND e LIKE ? ) ) )
2535
107b72f1 2536This difference in syntax is unfortunate but must be preserved for
2537historical reasons. So be careful : the two examples below would
2538seem algebraically equivalent, but they are not
2539
9d48860e 2540 {col => [-and => {-like => 'foo%'}, {-like => '%bar'}]}
107b72f1 2541 # yields : WHERE ( ( col LIKE ? AND col LIKE ? ) )
2542
9d48860e 2543 [-and => {col => {-like => 'foo%'}, {col => {-like => '%bar'}}]]
107b72f1 2544 # yields : WHERE ( ( col LIKE ? OR col LIKE ? ) )
2545
7cac25e6 2546
cc422895 2547=head2 Literal SQL and value type operators
96449e8e 2548
cc422895 2549The basic premise of SQL::Abstract is that in WHERE specifications the "left
2550side" is a column name and the "right side" is a value (normally rendered as
2551a placeholder). This holds true for both hashrefs and arrayref pairs as you
2552see in the L</WHERE CLAUSES> examples above. Sometimes it is necessary to
2553alter this behavior. There are several ways of doing so.
e9614080 2554
cc422895 2555=head3 -ident
2556
2557This is a virtual operator that signals the string to its right side is an
2558identifier (a column name) and not a value. For example to compare two
2559columns you would write:
32eab2da 2560
e9614080 2561 my %where = (
2562 priority => { '<', 2 },
cc422895 2563 requestor => { -ident => 'submitter' },
e9614080 2564 );
2565
2566which creates:
2567
2568 $stmt = "WHERE priority < ? AND requestor = submitter";
2569 @bind = ('2');
2570
cc422895 2571If you are maintaining legacy code you may see a different construct as
2572described in L</Deprecated usage of Literal SQL>, please use C<-ident> in new
2573code.
2574
2575=head3 -value
e9614080 2576
cc422895 2577This is a virtual operator that signals that the construct to its right side
2578is a value to be passed to DBI. This is for example necessary when you want
2579to write a where clause against an array (for RDBMS that support such
2580datatypes). For example:
e9614080 2581
32eab2da 2582 my %where = (
cc422895 2583 array => { -value => [1, 2, 3] }
32eab2da 2584 );
2585
cc422895 2586will result in:
32eab2da 2587
cc422895 2588 $stmt = 'WHERE array = ?';
2589 @bind = ([1, 2, 3]);
32eab2da 2590
cc422895 2591Note that if you were to simply say:
32eab2da 2592
2593 my %where = (
cc422895 2594 array => [1, 2, 3]
32eab2da 2595 );
2596
3af02ccb 2597the result would probably not be what you wanted:
cc422895 2598
2599 $stmt = 'WHERE array = ? OR array = ? OR array = ?';
2600 @bind = (1, 2, 3);
2601
2602=head3 Literal SQL
96449e8e 2603
cc422895 2604Finally, sometimes only literal SQL will do. To include a random snippet
2605of SQL verbatim, you specify it as a scalar reference. Consider this only
2606as a last resort. Usually there is a better way. For example:
96449e8e 2607
2608 my %where = (
cc422895 2609 priority => { '<', 2 },
2610 requestor => { -in => \'(SELECT name FROM hitmen)' },
96449e8e 2611 );
2612
cc422895 2613Would create:
96449e8e 2614
cc422895 2615 $stmt = "WHERE priority < ? AND requestor IN (SELECT name FROM hitmen)"
2616 @bind = (2);
2617
2618Note that in this example, you only get one bind parameter back, since
2619the verbatim SQL is passed as part of the statement.
2620
2621=head4 CAVEAT
2622
2623 Never use untrusted input as a literal SQL argument - this is a massive
2624 security risk (there is no way to check literal snippets for SQL
2625 injections and other nastyness). If you need to deal with untrusted input
2626 use literal SQL with placeholders as described next.
96449e8e 2627
cc422895 2628=head3 Literal SQL with placeholders and bind values (subqueries)
96449e8e 2629
2630If the literal SQL to be inserted has placeholders and bind values,
2631use a reference to an arrayref (yes this is a double reference --
2632not so common, but perfectly legal Perl). For example, to find a date
2633in Postgres you can use something like this:
2634
2635 my %where = (
2636 date_column => \[q/= date '2008-09-30' - ?::integer/, 10/]
2637 )
2638
2639This would create:
2640
d2a8fe1a 2641 $stmt = "WHERE ( date_column = date '2008-09-30' - ?::integer )"
96449e8e 2642 @bind = ('10');
2643
deb148a2 2644Note that you must pass the bind values in the same format as they are returned
62552e7d 2645by L</where>. That means that if you set L</bindtype> to C<columns>, you must
26f2dca5 2646provide the bind values in the C<< [ column_meta => value ] >> format, where
2647C<column_meta> is an opaque scalar value; most commonly the column name, but
62552e7d 2648you can use any scalar value (including references and blessed references),
2649L<SQL::Abstract> will simply pass it through intact. So if C<bindtype> is set
2650to C<columns> the above example will look like:
deb148a2 2651
2652 my %where = (
2653 date_column => \[q/= date '2008-09-30' - ?::integer/, [ dummy => 10 ]/]
2654 )
96449e8e 2655
2656Literal SQL is especially useful for nesting parenthesized clauses in the
2657main SQL query. Here is a first example :
2658
2659 my ($sub_stmt, @sub_bind) = ("SELECT c1 FROM t1 WHERE c2 < ? AND c3 LIKE ?",
2660 100, "foo%");
2661 my %where = (
2662 foo => 1234,
2663 bar => \["IN ($sub_stmt)" => @sub_bind],
2664 );
2665
2666This yields :
2667
9d48860e 2668 $stmt = "WHERE (foo = ? AND bar IN (SELECT c1 FROM t1
96449e8e 2669 WHERE c2 < ? AND c3 LIKE ?))";
2670 @bind = (1234, 100, "foo%");
2671
9d48860e 2672Other subquery operators, like for example C<"E<gt> ALL"> or C<"NOT IN">,
96449e8e 2673are expressed in the same way. Of course the C<$sub_stmt> and
9d48860e 2674its associated bind values can be generated through a former call
96449e8e 2675to C<select()> :
2676
2677 my ($sub_stmt, @sub_bind)
9d48860e 2678 = $sql->select("t1", "c1", {c2 => {"<" => 100},
96449e8e 2679 c3 => {-like => "foo%"}});
2680 my %where = (
2681 foo => 1234,
2682 bar => \["> ALL ($sub_stmt)" => @sub_bind],
2683 );
2684
2685In the examples above, the subquery was used as an operator on a column;
9d48860e 2686but the same principle also applies for a clause within the main C<%where>
96449e8e 2687hash, like an EXISTS subquery :
2688
9d48860e 2689 my ($sub_stmt, @sub_bind)
96449e8e 2690 = $sql->select("t1", "*", {c1 => 1, c2 => \"> t0.c0"});
48d9f5f8 2691 my %where = ( -and => [
96449e8e 2692 foo => 1234,
48d9f5f8 2693 \["EXISTS ($sub_stmt)" => @sub_bind],
2694 ]);
96449e8e 2695
2696which yields
2697
9d48860e 2698 $stmt = "WHERE (foo = ? AND EXISTS (SELECT * FROM t1
96449e8e 2699 WHERE c1 = ? AND c2 > t0.c0))";
2700 @bind = (1234, 1);
2701
2702
9d48860e 2703Observe that the condition on C<c2> in the subquery refers to
2704column C<t0.c0> of the main query : this is I<not> a bind
2705value, so we have to express it through a scalar ref.
96449e8e 2706Writing C<< c2 => {">" => "t0.c0"} >> would have generated
2707C<< c2 > ? >> with bind value C<"t0.c0"> ... not exactly
2708what we wanted here.
2709
96449e8e 2710Finally, here is an example where a subquery is used
2711for expressing unary negation:
2712
9d48860e 2713 my ($sub_stmt, @sub_bind)
96449e8e 2714 = $sql->where({age => [{"<" => 10}, {">" => 20}]});
2715 $sub_stmt =~ s/^ where //i; # don't want "WHERE" in the subclause
2716 my %where = (
2717 lname => {like => '%son%'},
48d9f5f8 2718 \["NOT ($sub_stmt)" => @sub_bind],
96449e8e 2719 );
2720
2721This yields
2722
2723 $stmt = "lname LIKE ? AND NOT ( age < ? OR age > ? )"
2724 @bind = ('%son%', 10, 20)
2725
cc422895 2726=head3 Deprecated usage of Literal SQL
2727
2728Below are some examples of archaic use of literal SQL. It is shown only as
2729reference for those who deal with legacy code. Each example has a much
2730better, cleaner and safer alternative that users should opt for in new code.
2731
2732=over
2733
2734=item *
2735
2736 my %where = ( requestor => \'IS NOT NULL' )
2737
2738 $stmt = "WHERE requestor IS NOT NULL"
2739
2740This used to be the way of generating NULL comparisons, before the handling
2741of C<undef> got formalized. For new code please use the superior syntax as
2742described in L</Tests for NULL values>.
96449e8e 2743
cc422895 2744=item *
2745
2746 my %where = ( requestor => \'= submitter' )
2747
2748 $stmt = "WHERE requestor = submitter"
2749
2750This used to be the only way to compare columns. Use the superior L</-ident>
2751method for all new code. For example an identifier declared in such a way
2752will be properly quoted if L</quote_char> is properly set, while the legacy
2753form will remain as supplied.
2754
2755=item *
2756
2757 my %where = ( is_ready => \"", completed => { '>', '2012-12-21' } )
2758
2759 $stmt = "WHERE completed > ? AND is_ready"
2760 @bind = ('2012-12-21')
2761
2762Using an empty string literal used to be the only way to express a boolean.
2763For all new code please use the much more readable
2764L<-bool|/Unary operators: bool> operator.
2765
2766=back
96449e8e 2767
2768=head2 Conclusion
2769
32eab2da 2770These pages could go on for a while, since the nesting of the data
2771structures this module can handle are pretty much unlimited (the
2772module implements the C<WHERE> expansion as a recursive function
2773internally). Your best bet is to "play around" with the module a
2774little to see how the data structures behave, and choose the best
2775format for your data based on that.
2776
2777And of course, all the values above will probably be replaced with
2778variables gotten from forms or the command line. After all, if you
2779knew everything ahead of time, you wouldn't have to worry about
2780dynamically-generating SQL and could just hardwire it into your
2781script.
2782
86298391 2783=head1 ORDER BY CLAUSES
2784
9d48860e 2785Some functions take an order by clause. This can either be a scalar (just a
86298391 2786column name,) a hash of C<< { -desc => 'col' } >> or C<< { -asc => 'col' } >>,
1cfa1db3 2787or an array of either of the two previous forms. Examples:
2788
952f9e2d 2789 Given | Will Generate
1cfa1db3 2790 ----------------------------------------------------------
952f9e2d 2791 |
2792 \'colA DESC' | ORDER BY colA DESC
2793 |
2794 'colA' | ORDER BY colA
2795 |
2796 [qw/colA colB/] | ORDER BY colA, colB
2797 |
2798 {-asc => 'colA'} | ORDER BY colA ASC
2799 |
2800 {-desc => 'colB'} | ORDER BY colB DESC
2801 |
2802 ['colA', {-asc => 'colB'}] | ORDER BY colA, colB ASC
2803 |
855e6047 2804 { -asc => [qw/colA colB/] } | ORDER BY colA ASC, colB ASC
952f9e2d 2805 |
2806 [ |
2807 { -asc => 'colA' }, | ORDER BY colA ASC, colB DESC,
2808 { -desc => [qw/colB/], | colC ASC, colD ASC
2809 { -asc => [qw/colC colD/],|
2810 ] |
2811 ===========================================================
86298391 2812
96449e8e 2813
2814
2815=head1 SPECIAL OPERATORS
2816
e3f9dff4 2817 my $sqlmaker = SQL::Abstract->new(special_ops => [
3a2e1a5e 2818 {
2819 regex => qr/.../,
e3f9dff4 2820 handler => sub {
2821 my ($self, $field, $op, $arg) = @_;
2822 ...
3a2e1a5e 2823 },
2824 },
2825 {
2826 regex => qr/.../,
2827 handler => 'method_name',
e3f9dff4 2828 },
2829 ]);
2830
9d48860e 2831A "special operator" is a SQL syntactic clause that can be
e3f9dff4 2832applied to a field, instead of a usual binary operator.
9d48860e 2833For example :
e3f9dff4 2834
2835 WHERE field IN (?, ?, ?)
2836 WHERE field BETWEEN ? AND ?
2837 WHERE MATCH(field) AGAINST (?, ?)
96449e8e 2838
e3f9dff4 2839Special operators IN and BETWEEN are fairly standard and therefore
3a2e1a5e 2840are builtin within C<SQL::Abstract> (as the overridable methods
2841C<_where_field_IN> and C<_where_field_BETWEEN>). For other operators,
2842like the MATCH .. AGAINST example above which is specific to MySQL,
2843you can write your own operator handlers - supply a C<special_ops>
2844argument to the C<new> method. That argument takes an arrayref of
2845operator definitions; each operator definition is a hashref with two
2846entries:
96449e8e 2847
e3f9dff4 2848=over
2849
2850=item regex
2851
2852the regular expression to match the operator
96449e8e 2853
e3f9dff4 2854=item handler
2855
3a2e1a5e 2856Either a coderef or a plain scalar method name. In both cases
2857the expected return is C<< ($sql, @bind) >>.
2858
2859When supplied with a method name, it is simply called on the
2860L<SQL::Abstract/> object as:
2861
2862 $self->$method_name ($field, $op, $arg)
2863
2864 Where:
2865
2866 $op is the part that matched the handler regex
2867 $field is the LHS of the operator
2868 $arg is the RHS
2869
2870When supplied with a coderef, it is called as:
2871
2872 $coderef->($self, $field, $op, $arg)
2873
e3f9dff4 2874
2875=back
2876
9d48860e 2877For example, here is an implementation
e3f9dff4 2878of the MATCH .. AGAINST syntax for MySQL
2879
2880 my $sqlmaker = SQL::Abstract->new(special_ops => [
9d48860e 2881
e3f9dff4 2882 # special op for MySql MATCH (field) AGAINST(word1, word2, ...)
9d48860e 2883 {regex => qr/^match$/i,
e3f9dff4 2884 handler => sub {
2885 my ($self, $field, $op, $arg) = @_;
2886 $arg = [$arg] if not ref $arg;
2887 my $label = $self->_quote($field);
2888 my ($placeholder) = $self->_convert('?');
2889 my $placeholders = join ", ", (($placeholder) x @$arg);
2890 my $sql = $self->_sqlcase('match') . " ($label) "
2891 . $self->_sqlcase('against') . " ($placeholders) ";
2892 my @bind = $self->_bindtype($field, @$arg);
2893 return ($sql, @bind);
2894 }
2895 },
9d48860e 2896
e3f9dff4 2897 ]);
96449e8e 2898
2899
59f23b3d 2900=head1 UNARY OPERATORS
2901
112b5232 2902 my $sqlmaker = SQL::Abstract->new(unary_ops => [
59f23b3d 2903 {
2904 regex => qr/.../,
2905 handler => sub {
2906 my ($self, $op, $arg) = @_;
2907 ...
2908 },
2909 },
2910 {
2911 regex => qr/.../,
2912 handler => 'method_name',
2913 },
2914 ]);
2915
9d48860e 2916A "unary operator" is a SQL syntactic clause that can be
59f23b3d 2917applied to a field - the operator goes before the field
2918
2919You can write your own operator handlers - supply a C<unary_ops>
2920argument to the C<new> method. That argument takes an arrayref of
2921operator definitions; each operator definition is a hashref with two
2922entries:
2923
2924=over
2925
2926=item regex
2927
2928the regular expression to match the operator
2929
2930=item handler
2931
2932Either a coderef or a plain scalar method name. In both cases
2933the expected return is C<< $sql >>.
2934
2935When supplied with a method name, it is simply called on the
2936L<SQL::Abstract/> object as:
2937
2938 $self->$method_name ($op, $arg)
2939
2940 Where:
2941
2942 $op is the part that matched the handler regex
2943 $arg is the RHS or argument of the operator
2944
2945When supplied with a coderef, it is called as:
2946
2947 $coderef->($self, $op, $arg)
2948
2949
2950=back
2951
2952
32eab2da 2953=head1 PERFORMANCE
2954
2955Thanks to some benchmarking by Mark Stosberg, it turns out that
2956this module is many orders of magnitude faster than using C<DBIx::Abstract>.
2957I must admit this wasn't an intentional design issue, but it's a
2958byproduct of the fact that you get to control your C<DBI> handles
2959yourself.
2960
2961To maximize performance, use a code snippet like the following:
2962
2963 # prepare a statement handle using the first row
2964 # and then reuse it for the rest of the rows
2965 my($sth, $stmt);
2966 for my $href (@array_of_hashrefs) {
2967 $stmt ||= $sql->insert('table', $href);
2968 $sth ||= $dbh->prepare($stmt);
2969 $sth->execute($sql->values($href));
2970 }
2971
2972The reason this works is because the keys in your C<$href> are sorted
2973internally by B<SQL::Abstract>. Thus, as long as your data retains
2974the same structure, you only have to generate the SQL the first time
2975around. On subsequent queries, simply use the C<values> function provided
2976by this module to return your values in the correct order.
2977
b864ba9b 2978However this depends on the values having the same type - if, for
2979example, the values of a where clause may either have values
2980(resulting in sql of the form C<column = ?> with a single bind
2981value), or alternatively the values might be C<undef> (resulting in
2982sql of the form C<column IS NULL> with no bind value) then the
2983caching technique suggested will not work.
96449e8e 2984
32eab2da 2985=head1 FORMBUILDER
2986
2987If you use my C<CGI::FormBuilder> module at all, you'll hopefully
2988really like this part (I do, at least). Building up a complex query
2989can be as simple as the following:
2990
2991 #!/usr/bin/perl
2992
46dc2f3e 2993 use warnings;
2994 use strict;
2995
32eab2da 2996 use CGI::FormBuilder;
2997 use SQL::Abstract;
2998
2999 my $form = CGI::FormBuilder->new(...);
3000 my $sql = SQL::Abstract->new;
3001
3002 if ($form->submitted) {
3003 my $field = $form->field;
3004 my $id = delete $field->{id};
3005 my($stmt, @bind) = $sql->update('table', $field, {id => $id});
3006 }
3007
3008Of course, you would still have to connect using C<DBI> to run the
3009query, but the point is that if you make your form look like your
3010table, the actual query script can be extremely simplistic.
3011
3012If you're B<REALLY> lazy (I am), check out C<HTML::QuickTable> for
9d48860e 3013a fast interface to returning and formatting data. I frequently
32eab2da 3014use these three modules together to write complex database query
3015apps in under 50 lines.
3016
d8cc1792 3017=head1 REPO
3018
3019=over
3020
6d19fbf9 3021=item * gitweb: L<http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=dbsrgits/SQL-Abstract.git>
d8cc1792 3022
6d19fbf9 3023=item * git: L<git://git.shadowcat.co.uk/dbsrgits/SQL-Abstract.git>
d8cc1792 3024
3025=back
32eab2da 3026
96449e8e 3027=head1 CHANGES
3028
3029Version 1.50 was a major internal refactoring of C<SQL::Abstract>.
3030Great care has been taken to preserve the I<published> behavior
3031documented in previous versions in the 1.* family; however,
9d48860e 3032some features that were previously undocumented, or behaved
96449e8e 3033differently from the documentation, had to be changed in order
3034to clarify the semantics. Hence, client code that was relying
9d48860e 3035on some dark areas of C<SQL::Abstract> v1.*
96449e8e 3036B<might behave differently> in v1.50.
32eab2da 3037
d2a8fe1a 3038The main changes are :
3039
96449e8e 3040=over
32eab2da 3041
9d48860e 3042=item *
32eab2da 3043
96449e8e 3044support for literal SQL through the C<< \ [$sql, bind] >> syntax.
3045
3046=item *
3047
145fbfc8 3048support for the { operator => \"..." } construct (to embed literal SQL)
3049
3050=item *
3051
9c37b9c0 3052support for the { operator => \["...", @bind] } construct (to embed literal SQL with bind values)
3053
3054=item *
3055
96449e8e 3056optional support for L<array datatypes|/"Inserting and Updating Arrays">
3057
9d48860e 3058=item *
96449e8e 3059
3060defensive programming : check arguments
3061
3062=item *
3063
3064fixed bug with global logic, which was previously implemented
7cac25e6 3065through global variables yielding side-effects. Prior versions would
96449e8e 3066interpret C<< [ {cond1, cond2}, [cond3, cond4] ] >>
3067as C<< "(cond1 AND cond2) OR (cond3 AND cond4)" >>.
3068Now this is interpreted
3069as C<< "(cond1 AND cond2) OR (cond3 OR cond4)" >>.
3070
96449e8e 3071
3072=item *
3073
3074fixed semantics of _bindtype on array args
3075
9d48860e 3076=item *
96449e8e 3077
3078dropped the C<_anoncopy> of the %where tree. No longer necessary,
3079we just avoid shifting arrays within that tree.
3080
3081=item *
3082
3083dropped the C<_modlogic> function
3084
3085=back
32eab2da 3086
32eab2da 3087=head1 ACKNOWLEDGEMENTS
3088
3089There are a number of individuals that have really helped out with
3090this module. Unfortunately, most of them submitted bugs via CPAN
3091so I have no idea who they are! But the people I do know are:
3092
9d48860e 3093 Ash Berlin (order_by hash term support)
b643abe1 3094 Matt Trout (DBIx::Class support)
32eab2da 3095 Mark Stosberg (benchmarking)
3096 Chas Owens (initial "IN" operator support)
3097 Philip Collins (per-field SQL functions)
3098 Eric Kolve (hashref "AND" support)
3099 Mike Fragassi (enhancements to "BETWEEN" and "LIKE")
3100 Dan Kubb (support for "quote_char" and "name_sep")
f5aab26e 3101 Guillermo Roditi (patch to cleanup "IN" and "BETWEEN", fix and tests for _order_by)
48d9f5f8 3102 Laurent Dami (internal refactoring, extensible list of special operators, literal SQL)
dbdf7648 3103 Norbert Buchmuller (support for literal SQL in hashpair, misc. fixes & tests)
e96c510a 3104 Peter Rabbitson (rewrite of SQLA::Test, misc. fixes & tests)
02288357 3105 Oliver Charles (support for "RETURNING" after "INSERT")
32eab2da 3106
3107Thanks!
3108
32eab2da 3109=head1 SEE ALSO
3110
86298391 3111L<DBIx::Class>, L<DBIx::Abstract>, L<CGI::FormBuilder>, L<HTML::QuickTable>.
32eab2da 3112
32eab2da 3113=head1 AUTHOR
3114
b643abe1 3115Copyright (c) 2001-2007 Nathan Wiger <nwiger@cpan.org>. All Rights Reserved.
3116
3117This module is actively maintained by Matt Trout <mst@shadowcatsystems.co.uk>
32eab2da 3118
abe72f94 3119For support, your best bet is to try the C<DBIx::Class> users mailing list.
3120While not an official support venue, C<DBIx::Class> makes heavy use of
3121C<SQL::Abstract>, and as such list members there are very familiar with
3122how to create queries.
3123
0d067ded 3124=head1 LICENSE
3125
d988ab87 3126This module is free software; you may copy this under the same
3127terms as perl itself (either the GNU General Public License or
3128the Artistic License)
32eab2da 3129
3130=cut
3131
Unnamed repository; edit this file 'description' to name the repository.