Module ActiveRecord::ConnectionAdapters::Quoting
In: vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb

Methods

Public Instance methods

Quotes the column value to help prevent SQL injection attacks.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6
 6:       def quote(value, column = nil)
 7:         # records are quoted as their primary key
 8:         return value.quoted_id if value.respond_to?(:quoted_id)
 9: 
10:         case value
11:           when String, ActiveSupport::Multibyte::Chars
12:             value = value.to_s
13:             if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
14:               "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
15:             elsif column && [:integer, :float].include?(column.type)
16:               value = column.type == :integer ? value.to_i : value.to_f
17:               value.to_s
18:             else
19:               "'#{quote_string(value)}'" # ' (for ruby-mode)
20:             end
21:           when NilClass                 then "NULL"
22:           when TrueClass                then (column && column.type == :integer ? '1' : quoted_true)
23:           when FalseClass               then (column && column.type == :integer ? '0' : quoted_false)
24:           when Float, Fixnum, Bignum    then value.to_s
25:           # BigDecimals need to be output in a non-normalized form and quoted.
26:           when BigDecimal               then value.to_s('F')
27:           when Date                     then "'#{value.to_s(:db)}'"
28:           when Time, DateTime           then "'#{quoted_date(value)}'"
29:           else                          "'#{quote_string(value.to_yaml)}'"
30:         end
31:       end

Returns a quoted form of the column name. This is highly adapter specific.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 41
41:       def quote_column_name(name)
42:         name
43:       end

Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 35
35:       def quote_string(s)
36:         s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
37:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 53
53:       def quoted_date(value)
54:         value.strftime("%Y-%m-%d %H:%M:%S")
55:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 49
49:       def quoted_false
50:         "'f'"
51:       end

[Source]

    # File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 45
45:       def quoted_true
46:         "'t'"
47:       end

[Validate]