Module: ActiveRecord::ConnectionAdapters::Quoting

Included in:
AbstractAdapter
Defined in:
lib/active_record/connection_adapters/abstract/quoting.rb

Instance Method Summary collapse

Instance Method Details

#quote(value, column = nil) ⇒ Object

Quotes the column value to help prevent SQL injection attacks.



8
9
10
11
12
13
14
15
16
17
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 8

def quote(value, column = nil)
  # records are quoted as their primary key
  return value.quoted_id if value.respond_to?(:quoted_id)

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _quote(value)
end

#quote_column_name(column_name) ⇒ Object

Quotes the column name. Defaults to no quoting.



44
45
46
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 44

def quote_column_name(column_name)
  column_name
end

#quote_string(s) ⇒ Object

Quotes a string, escaping any ‘ (single quote) and \ (backslash) characters.



39
40
41
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 39

def quote_string(s)
  s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
end

#quote_table_name(table_name) ⇒ Object

Quotes the table name. Defaults to column name quoting.



49
50
51
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 49

def quote_table_name(table_name)
  quote_column_name(table_name)
end

#quote_table_name_for_assignment(table, attr) ⇒ Object

Override to return the quoted table name for assignment. Defaults to table quoting.

This works for mysql and mysql2 where table.column can be used to resolve ambiguity.

We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).



61
62
63
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 61

def quote_table_name_for_assignment(table, attr)
  quote_table_name("#{table}.#{attr}")
end

#quoted_date(value) ⇒ Object 



81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 81

def quoted_date(value)
  if value.acts_like?(:time)
    zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal

    if value.respond_to?(zone_conversion_method)
      value = value.send(zone_conversion_method)
    end
  end

  value.to_s(:db)
end

#quoted_falseObject 



73
74
75
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 73

def quoted_false
  "'f'"
end

#quoted_trueObject 



65
66
67
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 65

def quoted_true
  "'t'"
end

#type_cast(value, column) ⇒ Object

Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.



22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 22

def type_cast(value, column)
  if value.respond_to?(:quoted_id) && value.respond_to?(:id)
    return value.id
  end

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _type_cast(value)
rescue TypeError
  to_type = column ? " to #{column.type}" : ""
  raise TypeError, "can't cast #{value.class}#{to_type}"
end

#unquoted_falseObject 



77
78
79
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 77

def unquoted_false
  'f'
end

#unquoted_trueObject 



69
70
71
 
# File 'lib/active_record/connection_adapters/abstract/quoting.rb', line 69

def unquoted_true
  't'
end