Module: ActiveRecord::ConnectionAdapters::Quoting

Methods

quote
quote_column_name
quote_string
quote_table_name
quoted_date
quoted_false
quoted_true

Public Instance methods

quote(value, column = nil)

Quotes the column value to help prevent SQL injection attacks.

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6
 6:       def quote(value, column = nil)
 7:         # records are quoted as their primary key
 8:         return value.quoted_id if value.respond_to?(:quoted_id)
 9: 
10:         case value
11:           when String, ActiveSupport::Multibyte::Chars
12:             value = value.to_s
13:             if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
14:               "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
15:             elsif column && [:integer, :float].include?(column.type)
16:               value = column.type == :integer ? value.to_i : value.to_f
17:               value.to_s
18:             else
19:               "'#{quote_string(value)}'" # ' (for ruby-mode)
20:             end
21:           when NilClass                 then "NULL"
22:           when TrueClass                then (column && column.type == :integer ? '1' : quoted_true)
23:           when FalseClass               then (column && column.type == :integer ? '0' : quoted_false)
24:           when Float, Fixnum, Bignum    then value.to_s
25:           # BigDecimals need to be output in a non-normalized form and quoted.
26:           when BigDecimal               then value.to_s('F')
27:           else
28:             if value.acts_like?(:date) || value.acts_like?(:time)
29:               "'#{quoted_date(value)}'"
30:             else
31:               "'#{quote_string(value.to_yaml)}'"
32:             end
33:         end
34:       end

quote_column_name(column_name)

Quotes the column name. Defaults to no quoting.

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 43
43:       def quote_column_name(column_name)
44:         column_name
45:       end

quote_string(s)

Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 38
38:       def quote_string(s)
39:         s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
40:       end

quote_table_name(table_name)

Quotes the table name. Defaults to column name quoting.

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 48
48:       def quote_table_name(table_name)
49:         quote_column_name(table_name)
50:       end

quoted_date(value)

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 60
60:       def quoted_date(value)
61:         value.to_s(:db)
62:       end

quoted_false()

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 56
56:       def quoted_false
57:         "'f'"
58:       end

quoted_true()

[ show source ]

    # File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 52
52:       def quoted_true
53:         "'t'"
54:       end