module ActiveRecord::ConnectionAdapters::Quoting
Active Record Connection Adapters Quoting¶ ↑
Public Instance Methods
quote(value)
click to toggle source
Quotes the column value to help prevent SQL injection attacks.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 73 def quote(value) case value when String, Symbol, ActiveSupport::Multibyte::Chars "'#{quote_string(value.to_s)}'" when true then quoted_true when false then quoted_false when nil then "NULL" # BigDecimals need to be put in a non-normalized form and quoted. when BigDecimal then value.to_s("F") when Numeric then value.to_s when Type::Binary::Data then quoted_binary(value) when Type::Time::Value then "'#{quoted_time(value)}'" when Date, Time then "'#{quoted_date(value)}'" when Class then "'#{value}'" else raise TypeError, "can't quote #{value.class.name}" end end
quote_column_name(column_name)
click to toggle source
Quotes the column name.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 136 def quote_column_name(column_name) self.class.quote_column_name(column_name) end
quote_string(s)
click to toggle source
Quotes a string, escaping any ‘ (single quote) and \ (backslash) characters.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 131 def quote_string(s) s.gsub("\\", '\&\&').gsub("'", "''") # ' (for ruby-mode) end
quote_table_name(table_name)
click to toggle source
Quotes the table name.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 141 def quote_table_name(table_name) self.class.quote_table_name(table_name) end
quote_table_name_for_assignment(table, attr)
click to toggle source
Override to return the quoted table name for assignment. Defaults to table quoting.
This works for MySQL
where table.column can be used to resolve ambiguity.
We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 153 def quote_table_name_for_assignment(table, attr) quote_table_name("#{table}.#{attr}") end
quoted_date(value)
click to toggle source
Quote date/time values for use in SQL input. Includes microseconds if the value is a Time responding to usec.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 184 def quoted_date(value) if value.acts_like?(:time) if default_timezone == :utc value = value.getutc if !value.utc? else value = value.getlocal end end result = value.to_fs(:db) if value.respond_to?(:usec) && value.usec > 0 result << "." << sprintf("%06d", value.usec) else result end end
quoted_false()
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 174 def quoted_false "FALSE" end
quoted_true()
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 166 def quoted_true "TRUE" end
type_cast(value)
click to toggle source
Cast a value
to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 94 def type_cast(value) case value when Symbol, ActiveSupport::Multibyte::Chars, Type::Binary::Data value.to_s when true then unquoted_true when false then unquoted_false # BigDecimals need to be put in a non-normalized form and quoted. when BigDecimal then value.to_s("F") when nil, Numeric, String then value when Type::Time::Value then quoted_time(value) when Date, Time then quoted_date(value) else raise TypeError, "can't cast #{value.class.name}" end end
unquoted_false()
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 178 def unquoted_false false end
unquoted_true()
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 170 def unquoted_true true end
Private Instance Methods
lookup_cast_type(sql_type)
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 234 def lookup_cast_type(sql_type) type_map.lookup(sql_type) end
type_casted_binds(binds)
click to toggle source
# File lib/active_record/connection_adapters/abstract/quoting.rb, line 224 def type_casted_binds(binds) binds&.map do |value| if ActiveModel::Attribute === value type_cast(value.value_for_database) else type_cast(value) end end end