Methods
Public Instance methods
Quotes the column value to help prevent SQL injection attacks.
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6 6: def quote(value, column = nil) 7: # records are quoted as their primary key 8: return value.quoted_id if value.respond_to?(:quoted_id) 9: 10: case value 11: when String, ActiveSupport::Multibyte::Chars 12: value = value.to_s 13: if column && column.type == :binary && column.class.respond_to?(:string_to_binary) 14: "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode) 15: elsif column && [:integer, :float].include?(column.type) 16: value = column.type == :integer ? value.to_i : value.to_f 17: value.to_s 18: else 19: "'#{quote_string(value)}'" # ' (for ruby-mode) 20: end 21: when NilClass then "NULL" 22: when TrueClass then (column && column.type == :integer ? '1' : quoted_true) 23: when FalseClass then (column && column.type == :integer ? '0' : quoted_false) 24: when Float, Fixnum, Bignum then value.to_s 25: # BigDecimals need to be output in a non-normalized form and quoted. 26: when BigDecimal then value.to_s('F') 27: else 28: if value.acts_like?(:date) || value.acts_like?(:time) 29: "'#{quoted_date(value)}'" 30: else 31: "'#{quote_string(value.to_yaml)}'" 32: end 33: end 34: end
Quotes the column name. Defaults to no quoting.
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 43 43: def quote_column_name(column_name) 44: column_name 45: end
Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 38 38: def quote_string(s) 39: s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode) 40: end
Quotes the table name. Defaults to column name quoting.
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 48 48: def quote_table_name(table_name) 49: quote_column_name(table_name) 50: end
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 60 60: def quoted_date(value) 61: value.to_s(:db) 62: end
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 56 56: def quoted_false 57: "'f'" 58: end
[ show source ]
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 52 52: def quoted_true 53: "'t'" 54: end