Methods
- quote
- quote_column_name
- quote_string
- quote_table_name
- quote_table_name_for_assignment
- quoted_date
- quoted_false
- quoted_true
- type_cast
- unquoted_false
- unquoted_true
Instance Public methods
quote(value)
Quotes the column value to help prevent SQL injection attacks.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 11
def quote(value)
value = id_value_for_database(value) if value.is_a?(Base)
if value.respond_to?(:value_for_database)
value = value.value_for_database
end
_quote(value)
endquote_column_name(column_name)
Quotes the column name. Defaults to no quoting.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 67
def quote_column_name(column_name)
column_name.to_s
endquote_string(s)
Quotes a string, escaping any ' (single quote) and \ (backslash) characters.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 62
def quote_string(s)
s.gsub('\\'.freeze, '\&\&'.freeze).gsub("'".freeze, "''".freeze) # ' (for ruby-mode)
endquote_table_name(table_name)
Quotes the table name. Defaults to column name quoting.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 72
def quote_table_name(table_name)
quote_column_name(table_name)
endquote_table_name_for_assignment(table, attr)
Override to return the quoted table name for assignment. Defaults to table quoting.
This works for mysql2 where table.column can be used to resolve ambiguity.
We override this in the sqlite3 and postgresql adapters to use only the column name (as per syntax requirements).
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 84
def quote_table_name_for_assignment(table, attr)
quote_table_name("#{table}.#{attr}")
endquoted_date(value)
Quote date/time values for use in SQL input. Includes microseconds if the value is a Time responding to usec.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 115
def quoted_date(value)
if value.acts_like?(:time)
zone_conversion_method = ActiveRecord::Base.default_timezone == :utc ? :getutc : :getlocal
if value.respond_to?(zone_conversion_method)
value = value.send(zone_conversion_method)
end
end
result = value.to_s(:db)
if value.respond_to?(:usec) && value.usec > 0
"#{result}.#{sprintf("%06d", value.usec)}"
else
result
end
endquoted_false()
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 105
def quoted_false
"FALSE".freeze
endquoted_true()
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 97
def quoted_true
"TRUE".freeze
endtype_cast(value, column = nil)
Cast a value to a type that the database understands. For example, SQLite does not understand dates, so this method will convert a Date to a String.
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 24
def type_cast(value, column = nil)
value = id_value_for_database(value) if value.is_a?(Base)
if column
value = type_cast_from_column(column, value)
end
_type_cast(value)
rescue TypeError
to_type = column ? " to #{column.type}" : ""
raise TypeError, "can't cast #{value.class}#{to_type}"
endunquoted_false()
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 109
def unquoted_false
false
endunquoted_true()
📝 Source code
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 101
def unquoted_true
true
end