Module: ActiveRecord::ConnectionAdapters::Quoting
| Relationships & Source Files | |
| Extension / Inclusion / Inheritance Descendants | |
|
Included In:
| |
| Defined in: | activerecord/lib/active_record/connection_adapters/abstract/quoting.rb |
Instance Method Summary
-
#quote(value, column = nil)
Quotes the column value to help prevent SQL injection attacks.
-
#quote_column_name(column_name)
Quotes the column name.
-
#quote_string(s)
Quotes a string, escaping any ' (single quote) and \ (backslash) characters.
-
#quote_table_name(table_name)
Quotes the table name.
-
#quote_table_name_for_assignment(table, attr)
Override to return the quoted table name for assignment.
- #quoted_date(value)
- #quoted_false
- #quoted_true
-
#type_cast(value, column)
Cast a
valueto a type that the database understands. - #unquoted_false
- #unquoted_true
Instance Method Details
#quote(value, column = nil)
Quotes the column value to help prevent SQL injection attacks.
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 9
def quote(value, column = nil) # records are quoted as their primary key return value.quoted_id if value.respond_to?(:quoted_id) if column value = column.cast_type.type_cast_for_database(value) end _quote(value) end
#quote_column_name(column_name)
Quotes the column name. Defaults to no quoting.
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 45
def quote_column_name(column_name) column_name end
#quote_string(s)
Quotes a string, escaping any ' (single quote) and \ (backslash) characters.
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 40
def quote_string(s) s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode) end
#quote_table_name(table_name)
Quotes the table name. Defaults to column name quoting.
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 50
def quote_table_name(table_name) quote_column_name(table_name) end
#quote_table_name_for_assignment(table, attr)
Override to return the quoted table name for assignment. Defaults to table quoting.
This works for mysql and mysql2 where table.column can be used to resolve ambiguity.
We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 62
def quote_table_name_for_assignment(table, attr) quote_table_name("#{table}.#{attr}") end
#quoted_date(value)
[ GitHub ]# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 82
def quoted_date(value) if value.acts_like?(:time) zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal if value.respond_to?(zone_conversion_method) value = value.send(zone_conversion_method) end end value.to_s(:db) end
#quoted_false
[ GitHub ]# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 74
def quoted_false "'f'" end
#quoted_true
[ GitHub ]# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 66
def quoted_true "'t'" end
#type_cast(value, column)
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 23
def type_cast(value, column) if value.respond_to?(:quoted_id) && value.respond_to?(:id) return value.id end if column value = column.cast_type.type_cast_for_database(value) end _type_cast(value) rescue TypeError to_type = column ? " to #{column.type}" : "" raise TypeError, "can't cast #{value.class}#{to_type}" end
#unquoted_false
[ GitHub ]# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 78
def unquoted_false 'f' end
#unquoted_true
[ GitHub ]# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 70
def unquoted_true 't' end