[Dbix-class] order by field?
Peter Rabbitson
rabbit+dbic at rabbit.us
Tue Dec 18 10:35:01 GMT 2012
On Tue, Dec 18, 2012 at 12:29:10PM +0200, Octavian Rasnita wrote:
> From: "Peter Rabbitson" <rabbit+dbic at rabbit.us>
>
>
> > On Tue, Dec 18, 2012 at 10:53:25AM +0200, Octavian Rasnita wrote:
> >> From: "Peter Rabbitson" <rabbit+dbic at rabbit.us>
> >>
> >> > On Mon, Dec 17, 2012 at 11:04:22AM +0100, QE :: Felix Ostmann wrote:
> >> >> I am doing such a order with the following SQL:
> >> >>
> >> >> ...
> >> >> ORDER BY
> >> >> (department = 'Marketing') DESC,
> >> >> (department = 'Sales') DESC,
> >> >> (department = 'Financial') DESC,
> >> >> (department = 'IT') DESC,
> >> >> (department = 'Operations') DESC,
> >> >> ...
> >> >>
> >> >> But there is no special way to use this with DBIx::Class :-/
> >> >>
> >> >
> >> > Can you elaborate? You can always do:
> >> >
> >> > order_by => \' anything you feel like goes here'.
> >> >
> >> > Is this not sufficient?
> >> >
> >> > Cheers
> >> >
> >>
> >>
> >>
> >> I can do:
> >>
> >> order_by => \'field(department, "Marketing", "Sales", "IT")',
> >>
> >> But the problem is that those names of the departments should be manually cleaned/escaped before inserting them in that script, to avoid SQL injection.
> >
> > I actually misread the above, didn't pay enough attention that only department
> > is an identifier. You'd want to do:
> >
> > order_by => \[ 'field(department, ?, ?, ?)',
> > [ {} => 'Marketing' ],
> > [ {} => 'Sales' ],
> > [ {} => 'IT' ],
> > ],
> >
> > Cheers
>
>
>
> Great if this method works with order_by too.
>
The \'' and \[] SQLA idioms should work universally throughout DBIC. If
you find an invocation that does not take them - please report it as a
glaring bug.
Cheers
More information about the DBIx-Class
mailing list