| Module | ActiveRecord::ConnectionAdapters::Quoting |
| In: |
vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
|
Quotes the column value to help prevent SQL injection attacks.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6
6: def quote(value, column = nil)
7: # records are quoted as their primary key
8: return value.quoted_id if value.respond_to?(:quoted_id)
9:
10: case value
11: when String, ActiveSupport::Multibyte::Chars
12: value = value.to_s
13: if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
14: "#{quoted_string_prefix}'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
15: elsif column && [:integer, :float].include?(column.type)
16: value = column.type == :integer ? value.to_i : value.to_f
17: value.to_s
18: else
19: "#{quoted_string_prefix}'#{quote_string(value)}'" # ' (for ruby-mode)
20: end
21: when NilClass then "NULL"
22: when TrueClass then (column && column.type == :integer ? '1' : quoted_true)
23: when FalseClass then (column && column.type == :integer ? '0' : quoted_false)
24: when Float, Fixnum, Bignum then value.to_s
25: # BigDecimals need to be output in a non-normalized form and quoted.
26: when BigDecimal then value.to_s('F')
27: else
28: if value.acts_like?(:date) || value.acts_like?(:time)
29: "'#{quoted_date(value)}'"
30: else
31: "#{quoted_string_prefix}'#{quote_string(value.to_yaml)}'"
32: end
33: end
34: end
Quotes the column name. Defaults to no quoting.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 43
43: def quote_column_name(column_name)
44: column_name
45: end
Quotes the table name. Defaults to column name quoting.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 48
48: def quote_table_name(table_name)
49: quote_column_name(table_name)
50: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 60
60: def quoted_date(value)
61: value.to_s(:db)
62: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 56
56: def quoted_false
57: "'f'"
58: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 64
64: def quoted_string_prefix
65: ''
66: end