Module: ActiveRecord::ConnectionAdapters::Quoting

Included in:
AbstractAdapter
Defined in:
activerecord/lib/active_record/connection_adapters/abstract/quoting.rb

Instance Method Summary collapse

Instance Method Details

#quote(value, column = nil) ⇒ Object

Quotes the column value to help prevent SQL injection attacks.


9
10
11
12
13
14
15
16
17
18
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 9

def quote(value, column = nil)
  # records are quoted as their primary key
  return value.quoted_id if value.respond_to?(:quoted_id)

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _quote(value)
end

#quote_column_name(column_name) ⇒ Object

Quotes the column name. Defaults to no quoting.


45
46
47
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 45

def quote_column_name(column_name)
  column_name
end

#quote_string(s) ⇒ Object

Quotes a string, escaping any ' (single quote) and \ (backslash) characters.


40
41
42
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 40

def quote_string(s)
  s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
end

#quote_table_name(table_name) ⇒ Object

Quotes the table name. Defaults to column name quoting.


50
51
52
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 50

def quote_table_name(table_name)
  quote_column_name(table_name)
end

#quote_table_name_for_assignment(table, attr) ⇒ Object

Override to return the quoted table name for assignment. Defaults to table quoting.

This works for mysql and mysql2 where table.column can be used to resolve ambiguity.

We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).


62
63
64
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 62

def quote_table_name_for_assignment(table, attr)
  quote_table_name("#{table}.#{attr}")
end

#quoted_date(value) ⇒ Object


82
83
84
85
86
87
88
89
90
91
92
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 82

def quoted_date(value)
  if value.acts_like?(:time)
    zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal

    if value.respond_to?(zone_conversion_method)
      value = value.send(zone_conversion_method)
    end
  end

  value.to_s(:db)
end

#quoted_falseObject


74
75
76
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 74

def quoted_false
  "'f'"
end

#quoted_trueObject


66
67
68
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 66

def quoted_true
  "'t'"
end

#type_cast(value, column) ⇒ Object

Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.


23
24
25
26
27
28
29
30
31
32
33
34
35
36
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 23

def type_cast(value, column)
  if value.respond_to?(:quoted_id) && value.respond_to?(:id)
    return value.id
  end

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _type_cast(value)
rescue TypeError
  to_type = column ? " to #{column.type}" : ""
  raise TypeError, "can't cast #{value.class}#{to_type}"
end

#unquoted_falseObject


78
79
80
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 78

def unquoted_false
  'f'
end

#unquoted_trueObject


70
71
72
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 70

def unquoted_true
  't'
end