module ActiveRecord::ConnectionAdapters::Quoting
Active Record Connection Adapters Quoting
Public instance methods
quote(value)
Quotes the column value to help prevent SQL injection attacks.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 73
def quote(value)
case value
when String, Symbol, ActiveSupport::Multibyte::Chars
"'#{quote_string(value.to_s)}'"
when true then quoted_true
when false then quoted_false
when nil then "NULL"
# BigDecimals need to be put in a non-normalized form and quoted.
when BigDecimal then value.to_s("F")
when Numeric then value.to_s
when Type::Binary::Data then quoted_binary(value)
when Type::Time::Value then "'#{quoted_time(value)}'"
when Date, Time then "'#{quoted_date(value)}'"
when Class then "'#{value}'"
else raise TypeError, "can't quote #{value.class.name}"
end
endquote_column_name(column_name)
Quotes the column name.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 136
def quote_column_name(column_name)
self.class.quote_column_name(column_name)
endquote_string(s)
Quotes a string, escaping any ‘ (single quote) and \ (backslash) characters.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 131
def quote_string(s)
s.gsub("\\", '\&\&').gsub("'", "''") # ' (for ruby-mode)
endquote_table_name(table_name)
Quotes the table name.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 141
def quote_table_name(table_name)
self.class.quote_table_name(table_name)
endquote_table_name_for_assignment(table, attr)
Override to return the quoted table name for assignment. Defaults to table quoting.
This works for MySQL where table.column can be used to resolve ambiguity.
We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 153
def quote_table_name_for_assignment(table, attr)
quote_table_name("#{table}.#{attr}")
endquoted_date(value)
Quote date/time values for use in SQL input. Includes microseconds if the value is a Time responding to usec.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 184
def quoted_date(value)
if value.acts_like?(:time)
if default_timezone == :utc
value = value.getutc if !value.utc?
else
value = value.getlocal
end
end
result = value.to_fs(:db)
if value.respond_to?(:usec) && value.usec > 0
result << "." << sprintf("%06d", value.usec)
else
result
end
endquoted_false()
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 174
def quoted_false
"FALSE"
endquoted_true()
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 166
def quoted_true
"TRUE"
endtype_cast(value)
Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 94
def type_cast(value)
case value
when Symbol, ActiveSupport::Multibyte::Chars, Type::Binary::Data
value.to_s
when true then unquoted_true
when false then unquoted_false
# BigDecimals need to be put in a non-normalized form and quoted.
when BigDecimal then value.to_s("F")
when nil, Numeric, String then value
when Type::Time::Value then quoted_time(value)
when Date, Time then quoted_date(value)
else raise TypeError, "can't cast #{value.class.name}"
end
endunquoted_false()
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 178
def unquoted_false
false
endunquoted_true()
Source code GitHub
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 170
def unquoted_true
true
end