query_literals.rb

lib/sequel/extensions/query_literals.rb
Last Update: 2016-02-12 14:45:49 -0800

The query_literals extension changes Sequel's default behavior of the select, order and group methods so that if the first argument is a regular string, it is treated as a literal string, with the rest of the arguments (if any) treated as placeholder values. This allows you to write code such as:

DB[:table].select('a, b, ?', 2).group('a, b').order('c')

The default Sequel behavior would literalize that as:

SELECT 'a, b, ?', 2 FROM table GROUP BY 'a, b' ORDER BY 'c'

Using this extension changes the literalization to:

SELECT a, b, 2 FROM table GROUP BY a, b ORDER BY c

This extension makes select, group, and order methods operate like filter methods, which support the same interface. Note that this extension can add SQL injection vulnerabilities to existing code if any of the strings passed to one of the supported methods is derived from user input. For that reason, it should be used with caution.

You can load this extension into specific datasets:

ds = DB[:table]
ds = ds.extension(:query_literals)

Or you can load it into all of a database's datasets, which is probably the desired behavior if you are using this extension:

DB.extension(:query_literals)
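One way to keep request-derived strings out of select, order and group once the extension is loaded, shown as an added example that is not part of Sequel or of this page. SORTABLE, order_terms and apply_order are hypothetical names, and the table, columns and request parameter are constructed:

```ruby
# Added example: SORTABLE, order_terms and apply_order are hypothetical names.
begin
  require 'sequel'
rescue LoadError
  # Sequel gem not installed; order_terms below still runs without it.
end

# Public sort keys a client may send, mapped to column Symbols (constructed).
SORTABLE = { 'name' => :name, 'created' => :created_at, 'price' => :price }.freeze

# Parse an untrusted sort parameter such as "price,-created" into
# [column Symbol, :asc | :desc] pairs. Anything not in SORTABLE is rejected,
# so no request-derived String can reach select/order/group.
def order_terms(param)
  param.to_s.split(',').map do |field|
    key = field.strip
    direction = key.start_with?('-') ? :desc : :asc
    column = SORTABLE[key.delete_prefix('-')]
    raise ArgumentError, "unsupported sort field: #{field.inspect}" unless column
    [column, direction]
  end
end

# Apply the parsed terms to a Sequel dataset using Symbols wrapped in
# Sequel.asc/Sequel.desc; query_literals only changes String first arguments.
def apply_order(dataset, param)
  terms = order_terms(param).map do |column, direction|
    direction == :desc ? Sequel.desc(column) : Sequel.asc(column)
  end
  terms.empty? ? dataset : dataset.order(*terms)
end

if defined?(Sequel)
  ds = Sequel.mock[:items].extension(:query_literals)
  requested = 'price,-created' # constructed request parameter
  puts ds.order(requested).sql        # String argument: inserted as literal SQL
  puts apply_order(ds, requested).sql # allowlisted Symbols only
end
```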

Related module: Sequel::QueryLiterals