Methods
Public Instance methods
Quotes the column value to help prevent SQL injection attacks.
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 6 6: def quote(value, column = nil) 7: case value 8: when String 9: if column && column.type == :binary && column.class.respond_to?(:string_to_binary) 10: "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode) 11: elsif column && [:integer, :float].include?(column.type) 12: value.to_s 13: else 14: "'#{quote_string(value)}'" # ' (for ruby-mode) 15: end 16: when NilClass then "NULL" 17: when TrueClass then (column && column.type == :integer ? '1' : quoted_true) 18: when FalseClass then (column && column.type == :integer ? '0' : quoted_false) 19: when Float, Fixnum, Bignum then value.to_s 20: when Date then "'#{value.to_s}'" 21: when Time, DateTime then "'#{quoted_date(value)}'" 22: else "'#{quote_string(value.to_yaml)}'" 23: end 24: end
Returns a quoted form of the column name. This is highly adapter specific.
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 34 34: def quote_column_name(name) 35: name 36: end
Quotes a string, escaping any ’ (single quote) and \ (backslash) characters.
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 28 28: def quote_string(s) 29: s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode) 30: end
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 46 46: def quoted_date(value) 47: value.strftime("%Y-%m-%d %H:%M:%S") 48: end
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 42 42: def quoted_false 43: "'f'" 44: end
[ show source ]
# File vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 38 38: def quoted_true 39: "'t'" 40: end