Module | ActiveRecord::ConnectionAdapters::Quoting |
In: |
vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
|
Quotes the column value to help prevent SQL injection attacks.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6 6: def quote(value, column = nil) 7: # records are quoted as their primary key 8: return value.quoted_id if value.respond_to?(:quoted_id) 9: 10: case value 11: when String 12: if column && column.type == :binary && column.class.respond_to?(:string_to_binary) 13: "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode) 14: elsif column && [:integer, :float].include?(column.type) 15: value = column.type == :integer ? value.to_i : value.to_f 16: value.to_s 17: else 18: "'#{quote_string(value)}'" # ' (for ruby-mode) 19: end 20: when NilClass then "NULL" 21: when TrueClass then (column && column.type == :integer ? '1' : quoted_true) 22: when FalseClass then (column && column.type == :integer ? '0' : quoted_false) 23: when Float, Fixnum, Bignum then value.to_s 24: # BigDecimals need to be output in a non-normalized form and quoted. 25: when BigDecimal then value.to_s('F') 26: when Date then "'#{value.to_s}'" 27: when Time, DateTime then "'#{quoted_date(value)}'" 28: else "'#{quote_string(value.to_yaml)}'" 29: end 30: end
Returns a quoted form of the column name. This is highly adapter specific.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 40 40: def quote_column_name(name) 41: name 42: end
Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 34 34: def quote_string(s) 35: s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode) 36: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 52 52: def quoted_date(value) 53: value.strftime("%Y-%m-%d %H:%M:%S") 54: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 48 48: def quoted_false 49: "'f'" 50: end