New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relation#where build BoundSqlLiteral rather than eagerly interpolate #51139
Conversation
Ref: rails#51139 Makes it more clear that the expected behavior really is.
Ref: rails#51139 Makes it more clear that the expected behavior really is.
Here's a quick & dirty rebase of my stash from when I was working on this: main...matthewd:rails:assemble-sql I don't really remember what state it was in at the time, sorry, but I'm guessing it was something other than "usable" -- at most it might be interesting as a sketch of the approach that I had in my head. |
da28b5e
to
27facb9
Compare
Thanks for the link. There's definitely some resemblance with my PR, especially |
1a144e3
to
03e8f44
Compare
IIRC the intention was to move all internals to compile, and leave sanitize as existing public API (at least pending deprecation) |
I see. So just a cleanup / consolidation. Deferring the quoting wasn't a concern. That helps! BTW, I'm on the fence between merging this pretty much as is, or trying to also support the named binds in the same PR. |
03e8f44
to
ab5b9af
Compare
Alright, It now also handle The |
dfcddbb
to
679a6c6
Compare
Ref: rails#50793 To make not caching connection checkout viable, we need to reduced the amount of places where we need a connection. Once big source of this is query/relation building, where in many cases it eagerly quote and interpolation bound values in SQL fragments. Doing this requires an active connection because both MySQL and Postgres may quote values differently based on the connection settings. Instead of eagerly doing all this, we can instead just insert these as bound values in the Arel AST. For adapters with prepared statements this is better anyway as it will avoid leaking statements, and for those that don't support it, it will simply delay the quoting to just before the query is executed. However, the `%` API (`where("title = %s", something)`) can't realistically be fixed this way, but I don't see much value in it and it probably should be deprecated and removed.
679a6c6
to
8e6a5de
Compare
Ref: rails#51139 Makes it more clear that the expected behavior really is.
Ref: rails#51139 Makes it more clear that the expected behavior really is.
Ref: #50793
To make not caching connection checkout viable, we need to reduced the amount of places where we need a connection.
Once big source of this is query/relation building, where in many cases it eagerly quote and interpolation bound values in SQL fragments.
Doing this requires an active connection because both MySQL and Postgres may quote values differently based on the connection settings.
Instead of eagerly doing all this, we can instead just insert these as bound values in the Arel AST. For adapters with prepared statements this is better anyway as it will avoid leaking statements, and for those that don't support it, it will simply delay the quoting to just before the query is executed.
However, the
%
API (where("title = %s", something)
) can't realisticallybe fixed this way, but I don't see much value in it and it probably should
be deprecated and removed.
Also CC @matthewd because I noticed #46600 so it look like you were headed in this same direction? Perhaps you have some insights to share.