Pg: Be more strict with boolean bind parameters
Reason for this is that, with FU::SQL, it's possible to accidentally introduce a bind parameter when a WHERE clause was intended (i.e. "WHERE $1"). That's pretty bad, but can easily be caught by simply not accepting *every* possible value as boolean.
This commit is contained in:
Yorhel
parent
02b1dcc328
commit
a7868f74bf
3 changed files with 26 additions and 8 deletions
10
FU/Pg.pm
10
FU/Pg.pm
|
|
@ -631,10 +631,12 @@ Some built-in types deserve a few additional notes:
|
|||
|
||||
=item bool
|
||||
|
||||
Boolean values are converted to C<builtin::true> and C<builtin::false>. As bind
|
||||
parameters, Perl's idea of truthiness is used: C<0>, C<false> and C<""> are
|
||||
false, everything else is true. Objects that overload I<bool> are also
|
||||
supported. C<undef> always converts to SQL C<NULL>.
|
||||
Boolean values are converted to C<builtin::true> and C<builtin::false>.
|
||||
|
||||
As bind parameters, values recognized by C<to_bool()> in L<FU::Util> are
|
||||
accepted, in addition to C<0>, C<"f"> and C<""> for false and C<1>, and C<"t">
|
||||
for true. C<undef> always converts to SQL C<NULL>. Everything else throws an
|
||||
error.
|
||||
|
||||
=item bytea
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue