module ActiveRecord::ConnectionAdapters::Quoting
Public Instance Methods
Quotes the column value to help prevent SQL injection attacks.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 11 def quote(value) value = id_value_for_database(value) if value.is_a?(Base) if value.respond_to?(:quoted_id) at = value.method(:quoted_id).source_location at &&= " at %s:%d" % at owner = value.method(:quoted_id).owner.to_s klass = value.class.to_s klass += "(#{owner})" unless owner == klass ActiveSupport::Deprecation.warn \ "Defining #quoted_id is deprecated and will be ignored in Quails 5.2. (defined on #{klass}#{at})" return value.quoted_id end if value.respond_to?(:value_for_database) value = value.value_for_database end _quote(value) end
Quotes the column name. Defaults to no quoting.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 84 def quote_column_name(column_name) column_name.to_s end
Quotes a string, escaping any ' (single quote) and \ (backslash) characters.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 79 def quote_string(s) s.gsub('\\'.freeze, '\&\&'.freeze).gsub("'".freeze, "''".freeze) # ' (for ruby-mode) end
Quotes the table name. Defaults to column name quoting.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 89 def quote_table_name(table_name) quote_column_name(table_name) end
Override to return the quoted table name for assignment. Defaults to table quoting.
This works for mysql2 where table.column can be used to resolve ambiguity.
We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 101 def quote_table_name_for_assignment(table, attr) quote_table_name("#{table}.#{attr}") end
Quote date/time values for use in SQL input. Includes microseconds if the value is a Time
responding to usec.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 132 def quoted_date(value) if value.acts_like?(:time) zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal if value.respond_to?(zone_conversion_method) value = value.send(zone_conversion_method) end end result = value.to_s(:db) if value.respond_to?(:usec) && value.usec > 0 "#{result}.#{sprintf("%06d", value.usec)}" else result end end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 122 def quoted_false "FALSE".freeze end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 114 def quoted_true "TRUE".freeze end
Cast a value
to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date
to a String
.
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 37 def type_cast(value, column = nil) value = id_value_for_database(value) if value.is_a?(Base) if value.respond_to?(:quoted_id) && value.respond_to?(:id) return value.id end if column value = type_cast_from_column(column, value) end _type_cast(value) rescue TypeError to_type = column ? " to #{column.type}" : "" raise TypeError, "can't cast #{value.class}#{to_type}" end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 126 def unquoted_false false end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 118 def unquoted_true true end
Private Instance Methods
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 180 def _quote(value) case value when String, ActiveSupport::Multibyte::Chars "'#{quote_string(value.to_s)}'" when true then quoted_true when false then quoted_false when nil then "NULL" # BigDecimals need to be put in a non-normalized form and quoted. when BigDecimal then value.to_s("F") when Numeric, ActiveSupport::Duration then value.to_s when Type::Binary::Data then quoted_binary(value) when Type::Time::Value then "'#{quoted_time(value)}'" when Date, Time then "'#{quoted_date(value)}'" when Symbol then "'#{quote_string(value.to_s)}'" when Class then "'#{value}'" else raise TypeError, "can't quote #{value.class.name}" end end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 199 def _type_cast(value) case value when Symbol, ActiveSupport::Multibyte::Chars, Type::Binary::Data value.to_s when true then unquoted_true when false then unquoted_false # BigDecimals need to be put in a non-normalized form and quoted. when BigDecimal then value.to_s("F") when Type::Time::Value then quoted_time(value) when Date, Time then quoted_date(value) when *types_which_need_no_typecasting value else raise TypeError end end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 170 def id_value_for_database(value) if primary_key = value.class.primary_key value.instance_variable_get(:@attributes)[primary_key].value_for_database end end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 166 def lookup_cast_type(sql_type) type_map.lookup(sql_type) end
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 176 def types_which_need_no_typecasting [nil, Numeric, String] end