For strings, numeric arguments, and date/time arguments, add them as parameters to the query instead of literalizing them into the SQL.
    # File lib/sequel/extensions/pg_auto_parameterize.rb, line 113
    def literal_append(sql, v)
      # Only parameterize when the SQL buffer can carry bound arguments.
      if sql.is_a?(StringWithArray)
        case v
        when String
          case v
          when LiteralString
            # Already SQL text, so append it as-is.
            super
          when Sequel::SQL::Blob
            sql.add_arg(v, :bytea)
          else
            sql.add_arg(v, :text)
          end
        when Bignum
          sql.add_arg(v, :int8)
        when Fixnum
          sql.add_arg(v, :int4)
        when Float
          sql.add_arg(v, :"double precision")
        when BigDecimal
          sql.add_arg(v, :numeric)
        when Sequel::SQLTime
          sql.add_arg(v, :time)
        when Time, DateTime
          sql.add_arg(v, :timestamp)
        when Date
          sql.add_arg(v, :date)
        else
          # Any other type is literalized by the default implementation.
          super
        end
      else
        super
      end
    end
Disable automatic parameterization for prepared statements, since they will use manual parameterization.
    # File lib/sequel/extensions/pg_auto_parameterize.rb, line 155
    def to_prepared_statement(*a)
      opts[:no_auto_parameterize] ? super : no_auto_parameterize.to_prepared_statement(*a)
    end
Unless auto parameterization is turned off, use a string that can store the parameterized arguments.
    # File lib/sequel/extensions/pg_auto_parameterize.rb, line 163
    def sql_string_origin
      opts[:no_auto_parameterize] ? super : StringWithArray.new
    end
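The following is an added example, not code from Sequel: a small stand-alone model of the mechanism in literal_append and sql_string_origin above, showing that a value containing quote characters ends up in the argument list while the SQL text receives only a typed placeholder. The names ParamSQL, append_value and build_select are hypothetical, the placeholder format is an assumption, and only a subset of the types handled above is modelled.

```ruby
require 'date'

# Simplified stand-in for the extension's StringWithArray (assumption, not
# Sequel's code): the SQL text and its bound arguments travel together.
class ParamSQL < String
  def args
    @args ||= []
  end

  # Store the value out of band and append a typed placeholder such as $1::text.
  def add_arg(value, type)
    args << value
    self << "$#{args.length}::#{type}"
  end
end

INT4 = (-2**31..2**31 - 1)

# Type dispatch modelled on literal_append above. Modern Ruby has only
# Integer, so int4 vs int8 is chosen by range here (assumption).
def append_value(sql, v)
  case v
  when String         then sql.add_arg(v, :text)
  when Integer        then sql.add_arg(v, INT4.cover?(v) ? :int4 : :int8)
  when Float          then sql.add_arg(v, :"double precision")
  when Time, DateTime then sql.add_arg(v, :timestamp)
  when Date           then sql.add_arg(v, :date)
  else raise ArgumentError, "type not modelled: #{v.class}" # the extension calls super here
  end
  sql
end

# Table and column names are trusted identifiers in this model; only the
# values are treated as untrusted input.
def build_select(table, conditions)
  sql = ParamSQL.new("SELECT * FROM #{table} WHERE ")
  conditions.each_with_index do |(col, val), i|
    sql << " AND " unless i.zero?
    sql << "#{col} = "
    append_value(sql, val)
  end
  sql
end

# Constructed sample input: a name value containing quote characters.
query = build_select("users", name: "x' OR '1'='1", id: 7, seen: Date.new(2020, 1, 2))
puts query
p query.args
```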