ActiveRecord::ConnectionAdapters::Quoting

Public Instance Methods

quote(value, column = nil)

Quotes the column value to help prevent SQL injection attacks.

    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 8
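 # Converts +value+ into the SQL literal text that gets interpolated into a
 # statement.
 #
 # value  - the Ruby object to render.
 # column - optional column object; when given, its +type+ decides how
 #          strings and booleans are rendered.
 #
 # Returns a String holding the literal. Only the String, date/time and
 # fall-through branches wrap their output in single quotes; every other
 # branch returns bare text.
 def quote(value, column = nil)
   # Records are quoted as their primary key. Whatever +quoted_id+ returns is
   # passed through untouched, so it has to be safe SQL already.
   return value.quoted_id if value.respond_to?(:quoted_id)

   case value
   when String, ActiveSupport::Multibyte::Chars
     text = value.to_s
     if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
       "'#{quote_string(column.class.string_to_binary(text))}'"
     elsif column && [:integer, :float].include?(column.type)
       # A string aimed at a numeric column is coerced with to_i / to_f, so
       # only a numeric literal reaches the SQL text; any non-numeric
       # remainder of the input is dropped by the coercion.
       (column.type == :integer ? text.to_i : text.to_f).to_s
     else
       "'#{quote_string(text)}'"
     end
   when NilClass
     "NULL"
   when TrueClass
     (column && column.type == :integer) ? '1' : quoted_true
   when FalseClass
     (column && column.type == :integer) ? '0' : quoted_false
   when Float, Integer
     # Integer matches everything Fixnum and Bignum matched and still exists
     # on Ruby versions where those two constants are gone.
     # Numbers are emitted unquoted whatever the column type is, so a numeric
     # value bound to a string column reaches the database as a number.
     value.to_s
   when BigDecimal
     # BigDecimals are written in plain 'F' notation rather than the
     # normalized form; this branch adds no quotes around the result.
     value.to_s('F')
   else
     if value.acts_like?(:date) || value.acts_like?(:time)
       "'#{quoted_date(value)}'"
     else
       # Anything else is stringified and escaped like an ordinary string.
       "'#{quote_string(value.to_s)}'"
     end
   end
 end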
quote_column_name(column_name)

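Quotes the column name. Defaults to no quoting: this abstract implementation returns the name unchanged, so it provides no protection when an identifier comes from untrusted input.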

    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 45
# Returns +column_name+ exactly as it was passed in.
#
# This default performs no identifier quoting or escaping, so it must not be
# relied on to make a name taken from untrusted input safe to interpolate.
# NOTE(review): concrete adapters presumably override this - confirm.
def quote_column_name(column_name)
  column_name
end
quote_string(s)

Quotes a string, escaping any ' (single quote) and \ (backslash) characters by doubling them. The surrounding quotes are added by the caller.

    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 40
# Escapes +s+ for placement inside a single-quoted SQL literal.
#
# Every backslash and every single quote is doubled. The surrounding quotes
# are not added here; the caller wraps the result.
# NOTE(review): whether doubling alone is sufficient depends on the target
# database's escaping rules - confirm per adapter.
def quote_string(s)
  # The two characters never turn into one another, so a single pass that
  # doubles either of them gives the same result as two chained passes.
  s.gsub(/[\\']/) { |special| special * 2 }
end
quote_table_name(table_name)

Quotes the table name. Defaults to column name quoting.

    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 50
# Quotes a table name by handing it to +quote_column_name+, so table names
# get exactly the treatment column names get.
def quote_table_name(table_name)
  quote_column_name table_name
end
quoted_date(value)
    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 62
# Formats a date or time value with +to_s(:db)+.
#
# Time-like values are first converted with +getutc+ or +getlocal+, chosen
# from ActiveRecord::Base.default_timezone, when they respond to that method.
# The result carries no surrounding quotes.
def quoted_date(value)
  converted = value
  if value.acts_like?(:time)
    zone_conversion_method =
      if ActiveRecord::Base.default_timezone == :utc
        :getutc
      else
        :getlocal
      end
    # Values that cannot do the conversion are formatted as they are.
    converted = value.send(zone_conversion_method) if value.respond_to?(zone_conversion_method)
  end
  converted.to_s(:db)
end
quoted_false()
    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 58
# SQL literal used for a Ruby +false+: the single-quoted string 'f'.
def quoted_false
  falsy_literal = "'f'"
  falsy_literal
end
quoted_true()
    # File lib/active_record/connection_adapters/abstract/quoting.rb, line 54
# SQL literal used for a Ruby +true+: the single-quoted string 't'.
def quoted_true
  truthy_literal = "'t'"
  truthy_literal
end
