Module: ActiveRecord::ConnectionAdapters::Quoting

Included in:
AbstractAdapter
Defined in:
lib/active_record/connection_adapters/abstract/quoting.rb


Instance Method Details

#quote(value, column = nil) ⇒ Object

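Quotes the column value to help prevent SQL injection attacks. Only values are handled here; table and column names go through quote_table_name and quote_column_name, which by default apply no quoting.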



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 8

# Turns a Ruby value into the text of a SQL literal.
#
# Strings, symbols, dates/times and the YAML fallback are escaped with
# quote_string and wrapped in single quotes. Numbers, BigDecimals, nil and
# strings bound to :integer / :float columns are emitted bare.
#
# @param value  [Object] the value to embed in a statement
# @param column [#type, nil] optional column metadata; only +type+ (and
#   +string_to_binary+ for :binary columns) is consulted
# @return [String] SQL literal text
def quote(value, column = nil)
  # Anything responding to #quoted_id (records are quoted as their primary
  # key) supplies its own literal. That text is returned verbatim, so the
  # class defining #quoted_id is responsible for producing a safe literal.
  return value.quoted_id if value.respond_to?(:quoted_id)

  case value
  when String, ActiveSupport::Multibyte::Chars
    text = value.to_s

    # Without a column the else branch applies: escape and quote.
    case column && column.type
    when :binary
      "'#{quote_string(column.string_to_binary(text))}'"
    when :integer
      # String#to_i never raises: text with no leading digits becomes "0".
      text.to_i.to_s
    when :float
      text.to_f.to_s
    else
      "'#{quote_string(text)}'"
    end
  when true, false
    integer_column = column && column.type == :integer
    if value
      integer_column ? '1' : quoted_true
    else
      integer_column ? '0' : quoted_false
    end
  when nil
    "NULL"
  when BigDecimal
    # Checked before Numeric because BigDecimal is itself Numeric.
    # 'F' selects plain decimal notation; the result is emitted unquoted.
    value.to_s('F')
  when Numeric
    # Numbers are emitted bare whatever the column type.
    # NOTE(review): on databases that coerce types implicitly, comparing a
    # string column with a bare number can match rows the caller did not
    # intend. Callers taking numbers from deserialized input may want to
    # cast to the column's type first -- confirm per adapter.
    value.to_s
  when Date, Time
    "'#{quoted_date(value)}'"
  when Symbol
    "'#{quote_string(value.to_s)}'"
  else
    # Any other object is stored as its YAML serialization.
    "'#{quote_string(YAML.dump(value))}'"
  end
end

#quote_column_name(column_name) ⇒ Object

Quotes the column name. Defaults to no quoting.



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 85

# Base implementation of identifier quoting: hands the name back untouched.
#
# Nothing is escaped or delimited here, so a name built from untrusted
# input is not made safe by this method. Check such names against a known
# list of columns before they reach it.
#
# @param column_name [Object] the column name
# @return [Object] the same object that was passed in
def quote_column_name(column_name)
  column_name
end

#quote_string(s) ⇒ Object

Quotes a string, escaping any ' (single quote) and \ (backslash) characters.



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 80

# Escapes a string for use between single quotes in a SQL literal.
#
# Every backslash is doubled and every single quote is doubled; no other
# character is touched and the surrounding quotes are not added here.
# NOTE(review): whether these two characters are the right set depends on
# the database's string-literal rules and the connection encoding; adapters
# with different rules presumably override this method -- confirm.
#
# @param s [String] raw text
# @return [String] a new, escaped string
def quote_string(s)
  # '\&' stands for the matched text, so '\&\&' writes each backslash twice.
  backslashes_doubled = s.gsub(/\\/, '\&\&')
  backslashes_doubled.gsub(/'/, "''")
end

#quote_table_name(table_name) ⇒ Object

Quotes the table name. Defaults to column name quoting.



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 90

# Quotes a table name by delegating to quote_column_name.
#
# The result is therefore only as safe as quote_column_name: with the base
# implementation shown in this module the name comes back unchanged, so
# table names taken from untrusted input need their own validation.
#
# @param table_name [Object] the table name
# @return [Object] whatever quote_column_name returns for it
def quote_table_name(table_name)
  quote_column_name(table_name)
end

#quoted_date(value) ⇒ Object



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 102

# Formats a date or time with the :db string format.
#
# Values that act like a time are first converted with #getutc or
# #getlocal, chosen from ActiveRecord::Base.default_timezone, provided they
# respond to that method. The result carries no surrounding quotes; quote
# adds them.
#
# @param value [#acts_like?, #to_s] a date- or time-like value
# @return [String] the formatted value
def quoted_date(value)
  converted = value

  if value.acts_like?(:time)
    # The method name comes from a fixed pair of symbols, never from input.
    zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal
    converted = value.send(zone_conversion_method) if value.respond_to?(zone_conversion_method)
  end

  converted.to_s(:db)
end

#quoted_false ⇒ Object



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 98

# SQL literal that quote emits for +false+ when the column is not an
# :integer column: the letter f wrapped in single quotes.
#
# @return [String] the three-character string 'f'
def quoted_false
  "'f'"
end

#quoted_trueObject



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 94

# SQL literal that quote emits for +true+ when the column is not an
# :integer column: the letter t wrapped in single quotes.
#
# @return [String] the three-character string 't'
def quoted_true
  "'t'"
end

#type_cast(value, column) ⇒ Object

Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.



# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 45

# Converts a Ruby value into a primitive the database can accept.
#
# Unlike quote, nothing here is escaped or wrapped in quotes: strings come
# back as-is. NOTE(review): the result is presumably meant to be passed to
# the driver as a bound value; interpolating it into SQL text would bypass
# the escaping that quote performs -- confirm against callers.
#
# @param value  [Object] the value to convert
# @param column [#type, nil] column metadata; only +type+ is consulted
# @return [Object, nil] Integer, Float, String, nil or the object's id
def type_cast(value, column)
  # Detection is by #quoted_id, but the raw #id is what gets returned.
  return value.id if value.respond_to?(:quoted_id)

  case value
  when String, ActiveSupport::Multibyte::Chars
    text = value.to_s

    case column && column.type
    when :integer
      # String#to_i never raises: text with no leading digits becomes 0.
      text.to_i
    when :float
      text.to_f
    else
      # No column, :binary and every other type: the string passes through.
      text
    end
  when true, false
    integer_column = column && column.type == :integer
    if value
      integer_column ? 1 : 't'
    else
      integer_column ? 0 : 'f'
    end
  when nil
    nil
  when BigDecimal
    # Checked before Numeric because BigDecimal is itself Numeric.
    # 'F' selects plain decimal notation; the result is a String.
    value.to_s('F')
  when Numeric
    value
  when Date, Time
    quoted_date(value)
  when Symbol
    value.to_s
  else
    # Any other object is converted to its YAML serialization.
    YAML.dump(value)
  end
end