2017-02-13 18:58:58 +00:00
|
|
|
# frozen_string_literal: true
|
2018-02-24 06:45:50 +00:00
|
|
|
|
|
|
|
|
require "arel/errors"
|
|
|
|
|
|
|
|
|
|
require "arel/crud"
|
|
|
|
|
require "arel/factory_methods"
|
|
|
|
|
|
|
|
|
|
require "arel/expressions"
|
|
|
|
|
require "arel/predications"
|
2020-10-30 17:11:19 +00:00
|
|
|
require "arel/filter_predications"
|
2018-02-24 06:45:50 +00:00
|
|
|
require "arel/window_predications"
|
|
|
|
|
require "arel/math"
|
|
|
|
|
require "arel/alias_predication"
|
|
|
|
|
require "arel/order_predications"
|
|
|
|
|
require "arel/table"
|
2019-06-15 14:50:45 +00:00
|
|
|
require "arel/attributes/attribute"
|
2018-02-24 06:45:50 +00:00
|
|
|
|
|
|
|
|
require "arel/visitors"
|
|
|
|
|
require "arel/collectors/sql_string"
|
|
|
|
|
|
|
|
|
|
require "arel/tree_manager"
|
|
|
|
|
require "arel/insert_manager"
|
|
|
|
|
require "arel/select_manager"
|
|
|
|
|
require "arel/update_manager"
|
|
|
|
|
require "arel/delete_manager"
|
|
|
|
|
require "arel/nodes"
|
2010-08-12 21:55:31 +00:00
|
|
|
|
2019-09-26 23:37:42 +00:00
|
|
|
module Arel
|
2018-02-24 06:45:50 +00:00
|
|
|
VERSION = "10.0.0"
|
2010-09-26 23:06:37 +00:00
|
|
|
|
2019-09-26 23:37:42 +00:00
|
|
|
# Wrap a known-safe SQL string for passing to query methods, e.g.
|
|
|
|
|
#
|
2021-08-06 21:58:38 +00:00
|
|
|
# Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)
|
2019-09-26 23:37:42 +00:00
|
|
|
#
|
|
|
|
|
# Great caution should be taken to avoid SQL injection vulnerabilities.
|
|
|
|
|
# This method should not be used with unsafe values such as request
|
|
|
|
|
# parameters or model attributes.
|
2023-01-14 10:37:35 +00:00
|
|
|
#
|
2023-02-04 00:01:21 +00:00
|
|
|
# Take a look at the {security guide}[https://guides.rubyonrails.org/security.html#sql-injection]
|
2023-01-14 10:37:35 +00:00
|
|
|
# for more information.
|
2022-11-28 05:47:43 +00:00
|
|
|
#
|
|
|
|
|
# To construct a more complex query fragment, including the possible
|
2023-05-07 00:34:45 +00:00
|
|
|
# use of user-provided values, the +sql_string+ may contain <tt>?</tt> and
|
2022-11-28 05:47:43 +00:00
|
|
|
# +:key+ placeholders, corresponding to the additional arguments. Note
|
|
|
|
|
# that this behavior only applies when bind value parameters are
|
|
|
|
|
# supplied in the call; without them, the placeholder tokens have no
|
|
|
|
|
# special meaning, and will be passed through to the query as-is.
|
2024-03-15 20:39:12 +00:00
|
|
|
#
|
|
|
|
|
# The +:retryable+ option can be used to mark the SQL as safe to retry.
|
|
|
|
|
# Use this option only if the SQL is idempotent, as it could be executed
|
|
|
|
|
# more than once.
|
|
|
|
|
def self.sql(sql_string, *positional_binds, retryable: false, **named_binds)
|
2022-11-28 05:47:43 +00:00
|
|
|
if positional_binds.empty? && named_binds.empty?
|
2024-03-15 20:39:12 +00:00
|
|
|
Arel::Nodes::SqlLiteral.new(sql_string, retryable: retryable)
|
2022-11-28 05:47:43 +00:00
|
|
|
else
|
|
|
|
|
Arel::Nodes::BoundSqlLiteral.new sql_string, positional_binds, named_binds
|
|
|
|
|
end
|
2010-09-29 00:08:28 +00:00
|
|
|
end
|
2010-12-23 02:02:56 +00:00
|
|
|
|
2019-09-26 23:37:42 +00:00
|
|
|
def self.star # :nodoc:
|
2024-03-15 20:39:12 +00:00
|
|
|
sql("*", retryable: true)
|
2010-12-23 02:02:56 +00:00
|
|
|
end
|
2018-09-27 19:53:43 +00:00
|
|
|
|
2019-09-26 23:37:42 +00:00
|
|
|
def self.arel_node?(value) # :nodoc:
|
2020-03-13 17:48:08 +00:00
|
|
|
value.is_a?(Arel::Nodes::Node) || value.is_a?(Arel::Attribute) || value.is_a?(Arel::Nodes::SqlLiteral)
|
2018-09-27 19:53:43 +00:00
|
|
|
end
|
|
|
|
|
|
2019-11-13 22:35:28 +00:00
|
|
|
def self.fetch_attribute(value, &block) # :nodoc:
|
2020-03-10 17:20:32 +00:00
|
|
|
unless String === value
|
|
|
|
|
value.fetch_attribute(&block)
|
2018-05-06 17:26:31 +00:00
|
|
|
end
|
|
|
|
|
end
|
2010-09-26 23:06:37 +00:00
|
|
|
end
|
