edge badge
Methods
Q
T
U
Instance Public methods
quote(value, column = nil)

Quotes the column value to help prevent SQL injection attacks.

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 8
def quote(value, column = nil)
  # records are quoted as their primary key
  return value.quoted_id if value.respond_to?(:quoted_id)

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _quote(value)
end
quote_column_name(column_name)

Quotes the column name. Defaults to no quoting.

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 44
def quote_column_name(column_name)
  column_name
end
quote_string(s)

Quotes a string, escaping any ' (single quote) and \ (backslash) characters.

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 39
def quote_string(s)
  s.gsub(/\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
end
quote_table_name(table_name)

Quotes the table name. Defaults to column name quoting.

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 49
def quote_table_name(table_name)
  quote_column_name(table_name)
end
quote_table_name_for_assignment(table, attr)

Override to return the quoted table name for assignment. Defaults to table quoting.

This works for mysql and mysql2 where table.column can be used to resolve ambiguity.

We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 61
def quote_table_name_for_assignment(table, attr)
  quote_table_name("#{table}.#{attr}")
end
quoted_date(value)
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 81
def quoted_date(value)
  if value.acts_like?(:time)
    zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal

    if value.respond_to?(zone_conversion_method)
      value = value.send(zone_conversion_method)
    end
  end

  value.to_s(:db)
end
quoted_false()
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 73
def quoted_false
  "'f'"
end
quoted_true()
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 65
def quoted_true
  "'t'"
end
type_cast(value, column)

Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 22
def type_cast(value, column)
  if value.respond_to?(:quoted_id) && value.respond_to?(:id)
    return value.id
  end

  if column
    value = column.cast_type.type_cast_for_database(value)
  end

  _type_cast(value)
rescue TypeError
  to_type = column ? " to #{column.type}" : ""
  raise TypeError, "can't cast #{value.class}#{to_type}"
end
unquoted_false()
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 77
def unquoted_false
  'f'
end
unquoted_true()
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 69
def unquoted_true
  't'
end