跳至内容 跳至搜索

Active Record 连接适配器引号

方法
Q
T
U

实例公共方法

quote(value)

引用列值以帮助防止SQL 注入攻击

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 73
def quote(value)
  case value
  when String, Symbol, ActiveSupport::Multibyte::Chars
    "'#{quote_string(value.to_s)}'"
  when true       then quoted_true
  when false      then quoted_false
  when nil        then "NULL"
  # BigDecimals need to be put in a non-normalized form and quoted.
  when BigDecimal then value.to_s("F")
  when Numeric then value.to_s
  when Type::Binary::Data then quoted_binary(value)
  when Type::Time::Value then "'#{quoted_time(value)}'"
  when Date, Time then "'#{quoted_date(value)}'"
  when Class      then "'#{value}'"
  else raise TypeError, "can't quote #{value.class.name}"
  end
end

quote_column_name(column_name)

引用列名。

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 136
def quote_column_name(column_name)
  self.class.quote_column_name(column_name)
end

quote_string(s)

引用字符串,转义任何 '(单引号)和 \(反斜杠)字符。

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 131
def quote_string(s)
  s.gsub("\\", '\&\&').gsub("'", "''") # ' (for ruby-mode)
end

quote_table_name(table_name)

引用表名。

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 141
def quote_table_name(table_name)
  self.class.quote_table_name(table_name)
end

quote_table_name_for_assignment(table, attr)

覆盖以返回用于赋值的引用表名。默认值为表引用。

这适用于MySQL,其中 table.column 可用于解决歧义。

我们在 sqlite3 和 postgresql 适配器中覆盖它以仅使用列名(根据语法要求)。

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 153
def quote_table_name_for_assignment(table, attr)
  quote_table_name("#{table}.#{attr}")
end

quoted_date(value)

引用日期/时间值以供 SQL 输入使用。如果该值是响应 usec 的Time,则包括微秒。

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 184
def quoted_date(value)
  if value.acts_like?(:time)
    if default_timezone == :utc
      value = value.getutc if !value.utc?
    else
      value = value.getlocal
    end
  end

  result = value.to_fs(:db)
  if value.respond_to?(:usec) && value.usec > 0
    result << "." << sprintf("%06d", value.usec)
  else
    result
  end
end

quoted_false()

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 174
def quoted_false
  "FALSE"
end

quoted_true()

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 166
def quoted_true
  "TRUE"
end

type_cast(value)

value 转换为数据库理解的类型。例如,SQLite 不理解日期,因此此方法会将Date 转换为String

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 94
def type_cast(value)
  case value
  when Symbol, ActiveSupport::Multibyte::Chars, Type::Binary::Data
    value.to_s
  when true       then unquoted_true
  when false      then unquoted_false
  # BigDecimals need to be put in a non-normalized form and quoted.
  when BigDecimal then value.to_s("F")
  when nil, Numeric, String then value
  when Type::Time::Value then quoted_time(value)
  when Date, Time then quoted_date(value)
  else raise TypeError, "can't cast #{value.class.name}"
  end
end

unquoted_false()

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 178
def unquoted_false
  false
end

unquoted_true()

来源:显示 | 在 GitHub 上

# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 170
def unquoted_true
  true
end