Module ActiveRecord::ConnectionAdapters::Quoting
In: vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb

Methods

Public Instance methods

Quotes the column value to help prevent SQL injection attacks.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6
 6:       def quote(value, column = nil)
 7:         # records are quoted as their primary key
 8:         return value.quoted_id if value.respond_to?(:quoted_id)
 9: 
10:         case value
11:           when String
12:             if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
13:               "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
14:             elsif column && [:integer, :float].include?(column.type)
15:               value = column.type == :integer ? value.to_i : value.to_f
16:               value.to_s
17:             else
18:               "'#{quote_string(value)}'" # ' (for ruby-mode)
19:             end
20:           when NilClass                 then "NULL"
21:           when TrueClass                then (column && column.type == :integer ? '1' : quoted_true)
22:           when FalseClass               then (column && column.type == :integer ? '0' : quoted_false)
23:           when Float, Fixnum, Bignum    then value.to_s
24:           # BigDecimals need to be output in a non-normalized form and quoted.
25:           when BigDecimal               then value.to_s('F')
26:           when Date                     then "'#{value.to_s}'"
27:           when Time, DateTime           then "'#{quoted_date(value)}'"
28:           else                          "'#{quote_string(value.to_yaml)}'"
29:         end
30:       end

Returns a quoted form of the column name. This is highly adapter specific.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 40
40:       def quote_column_name(name)
41:         name
42:       end

Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 34
34:       def quote_string(s)
35:         s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
36:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 52
52:       def quoted_date(value)
53:         value.strftime("%Y-%m-%d %H:%M:%S")
54:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 48
48:       def quoted_false
49:         "'f'"
50:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 44
44:       def quoted_true
45:         "'t'"
46:       end

[Validate]