path: root/activerecord/lib/active_record/connection_adapters/mysql/quoting.rb
Commit message (Author, Age, Files, Lines)
* Allow column name with function (e.g. `length(title)`) as safe SQL string (Ryuta Kamizono, 2019-06-10, 1 file, -2/+8)
|
|     Currently, almost all "Dangerous query method" warnings are false alarms. As long as almost all the warnings are false alarms, developers think "Let's ignore the warnings by using `Arel.sql()`, it actually is a false alarm in practice.", so I think we should make an effort to reduce false alarms in order to make the warnings valuable.
|
|     This allows column name with function (e.g. `length(title)`) as safe SQL string, which is a very common false alarm pattern, even in our codebase.
|
|     Related 6c82b6c99, 6607ecb2a, #36420.
|
|     Fixes #32995.
* Allow `column_name AS alias` as safe SQL string (Ryuta Kamizono, 2019-06-10, 1 file, -0/+1)
|
* Refactor `disallow_raw_sql!` to avoid `split(/\s*,\s*/)` to order args (Ryuta Kamizono, 2019-06-09, 1 file, -4/+13)
|
|     `split(/\s*,\s*/)` to order args and then `permit.match?` one by one is much slower than `permit.match?` once.
* Allow quoted identifier string as safe SQL string (Ryuta Kamizono, 2019-06-06, 1 file, -5/+26)
|
|     Currently `posts.title` is regarded as a safe SQL string, but `"posts"."title"` (it is a result of `quote_table_name("posts.title")`) is regarded as an unsafe SQL string even though a result of `quote_table_name` should obviously be regarded as a safe SQL string, since the column name matcher doesn't respect quotation, it is a little annoying.
|
|     This changes the column name matcher to allow quoted identifiers as safe SQL string, now all results of the `quote_table_name` are regarded as safe SQL string.
* Add `Style/RedundantFreeze` to remove redundant `.freeze` (Yasuo Honda, 2018-09-29, 1 file, -1/+1)
|
|     Since Rails 6.0 will support Ruby 2.4.1 or higher, the `# frozen_string_literal: true` magic comment is enough to make string objects frozen. This magic comment is enabled by the `Style/FrozenStringLiteralComment` cop.
|
|     * Exclude these files not to auto correct false positive `Regexp#freeze`
|      - 'actionpack/lib/action_dispatch/journey/router/utils.rb'
|      - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'
|
|     It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
|     Once the newer version of RuboCop is released and available at Code Climate these exclude entries should be removed.
|
|     * Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required
|      - 'actionpack/test/controller/test_case_test.rb'
|      - 'activemodel/test/cases/type/string_test.rb'
|      - 'activesupport/lib/active_support/core_ext/string/strip.rb'
|      - 'activesupport/test/core_ext/string_ext_test.rb'
|      - 'railties/test/generators/actions_test.rb'
* Merge pull request #29870 from kamipo/use_true_false_literals (Sean Griffin, 2017-07-22, 1 file, -10/+0)
|\
| |     Use `TRUE` and `FALSE` boolean literals for MySQL
| * Use `TRUE` and `FALSE` boolean literals for MySQL (Ryuta Kamizono, 2017-07-20, 1 file, -10/+0)
| |
| |     Since #29699, abstract boolean serialization has been changed to use `TRUE` and `FALSE` literals. MySQL also supports the literals. So we can use the abstract boolean serialization even for MySQL.
* | Use frozen-string-literal in ActiveRecord (Kir Shatrov, 2017-07-19, 1 file, -0/+2)
|/
* Fix type casting a time for MariaDB (Ryuta Kamizono, 2017-07-19, 1 file, -1/+0)
|
|     Context #24542.
|
|     Since 8ebe1f2, it has lost stripping date part for a time value. But I confirmed it is still needed even if MariaDB 10.2.6 GA.
|
|     MariaDB 10.2.6, `prepared_statements: true`:
|
|     ```
|     % ARCONN=mysql2 be ruby -w -Itest test/cases/time_precision_test.rb -n test_formatting_time_according_to_precision
|     Using mysql2
|     Run options: -n test_formatting_time_according_to_precision --seed 37614
|
|     F
|
|     Failure:
|     TimePrecisionTest#test_formatting_time_according_to_precision [test/cases/time_precision_test.rb:53]:
|     Failed assertion, no message given.
|
|     bin/rails test test/cases/time_precision_test.rb:46
|
|     Finished in 0.040279s, 24.8268 runs/s, 24.8268 assertions/s.
|
|     1 runs, 1 assertions, 1 failures, 0 errors, 0 skips
|     ```
* Don't convert dates to strings when using prepared statements in mysql (Sean Griffin, 2017-07-18, 1 file, -0/+8)
|
|     Dates are able to be natively handled by the mysql2 gem. libmysql (and the wire protocol) represent each portion of the date as an integer, which is significantly faster to encode and decode. By passing the Ruby date objects through directly, we can save a good bit of time and memory.
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, 1 file, -1/+0)
|
|     This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, 1 file, -0/+1)
|
* Extract `quoted_binary` and use it rather than override `_quote` (Ryuta Kamizono, 2016-09-27, 1 file, -9/+3)
|
|     Each database has a different binary representation. Therefore all adapters override `_quote` for quoting binary.
|
|     Extract `quoted_binary` for quoting binary and use it rather than override `_quote`.
* normalizes indentation and whitespace across the project (Xavier Noria, 2016-08-06, 1 file, -6/+6)
|
* applies new string literal convention in activerecord/lib (Xavier Noria, 2016-08-06, 1 file, -3/+3)
|
|     The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* `@quoted_{column,table}_names` should cache a frozen string (Ryuta Kamizono, 2016-07-28, 1 file, -2/+2)
|
|     Caching a mutable string causes the following issue.
|
|     ```
|     Loading development environment (Rails 5.1.0.alpha)
|     irb(main):001:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
|     => "`foo`!!"
|     irb(main):002:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
|     => "`foo`!!!!"
|     irb(main):003:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
|     => "`foo`!!!!!!"
|     ```
* Quoting booleans should return a frozen string (Ryuta Kamizono, 2016-07-27, 1 file, -1/+1)
|
|     Reusing `QUOTED_TRUE` and `QUOTED_FALSE` without freezing them causes the following issue.
|
|     ```
|     Loading development environment (Rails 5.1.0.alpha)
|     irb(main):001:0> ActiveRecord::Base.connection.quote(true) << ' foo'
|     => "1 foo"
|     irb(main):002:0> ActiveRecord::Base.connection.quote(true) << ' foo'
|     => "1 foo foo"
|     irb(main):003:0> type = ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::MysqlString.new
|     => #<ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::MysqlString:0x007fd40c15e018 @precision=nil, @scale=nil, @limit=nil>
|     irb(main):004:0> type.serialize(true) << ' bar'
|     => "1 foo foo bar"
|     irb(main):005:0> type.cast(true) << ' bar'
|     => "1 foo foo bar bar"
|     ```
* Make `QUOTED_TRUE` and `QUOTED_FALSE` to public because these are used in `MysqlString` (Ryuta Kamizono, 2016-04-06, 1 file, -2/+2)
* Move `quoted_date`, `quote_string` and `quote_table_name_for_assignment` methods to `Quoting` module (Ryuta Kamizono, 2016-04-05, 1 file, -0/+8)
* Make to private `QUOTED_TRUE` and `QUOTED_FALSE` constants (Ryuta Kamizono, 2016-04-05, 1 file, -0/+18)
|
* Move `@quoted_{column|table}_names` cache up to the abstract adapter (Ryuta Kamizono, 2016-03-31, 1 file, -0/+8)
|
* Make to private the visibility of `_quote` and `_type_cast` (Ryuta Kamizono, 2016-03-30, 1 file, -0/+17)