Module | ActiveRecord::ConnectionAdapters::Quoting |
In: |
vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
|
Quotes the column value to help prevent SQL injection attacks.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6 6: def quote(value, column = nil) 7: # records are quoted as their primary key 8: return value.quoted_id if value.respond_to?(:quoted_id) 9: 10: case value 11: when String, ActiveSupport::Multibyte::Chars 12: value = value.to_s 13: if column && column.type == :binary && column.class.respond_to?(:string_to_binary) 14: "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode) 15: elsif column && [:integer, :float].include?(column.type) 16: value = column.type == :integer ? value.to_i : value.to_f 17: value.to_s 18: else 19: "'#{quote_string(value)}'" # ' (for ruby-mode) 20: end 21: when NilClass then "NULL" 22: when TrueClass then (column && column.type == :integer ? '1' : quoted_true) 23: when FalseClass then (column && column.type == :integer ? '0' : quoted_false) 24: when Float, Fixnum, Bignum then value.to_s 25: # BigDecimals need to be output in a non-normalized form and quoted. 26: when BigDecimal then value.to_s('F') 27: when Date then "'#{value.to_s(:db)}'" 28: when Time, DateTime then "'#{quoted_date(value)}'" 29: else "'#{quote_string(value.to_yaml)}'" 30: end 31: end
Returns a quoted form of the column name. This is highly adapter specific.
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 41 41: def quote_column_name(name) 42: name 43: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 53 53: def quoted_date(value) 54: value.strftime("%Y-%m-%d %H:%M:%S") 55: end
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 49 49: def quoted_false 50: "'f'" 51: end