... | ... |
@@ -1583,7 +1583,9 @@ sub _where_clause_and_param { |
1583 | 1583 |
|
1584 | 1584 |
if (ref $where eq 'HASH') { |
1585 | 1585 |
my $clause = ['and']; |
1586 |
+ my $column_join = ''; |
|
1586 | 1587 |
for my $column (keys %$where) { |
1588 |
+ my $column_join .= $column_join; |
|
1587 | 1589 |
my $table; |
1588 | 1590 |
my $c; |
1589 | 1591 |
if ($column =~ /(?:(.*?)\.)?(.*)/) { |
... | ... |
@@ -1598,6 +1600,16 @@ sub _where_clause_and_param { |
1598 | 1600 |
if defined $table_quote; |
1599 | 1601 |
push @$clause, "$column_quote = :$column"; |
1600 | 1602 |
} |
1603 |
+ |
|
1604 |
+ # Check unsafety column |
|
1605 |
+ my $safety = $self->safety_character; |
|
1606 |
+ unless ($column_join =~ /^[$safety\.]+$/) { |
|
1607 |
+ for my $column (keys %$where) { |
|
1608 |
+ croak qq{"$column" is not safety column name } . _subname |
|
1609 |
+ unless $column =~ /^[$safety\.]+$/; |
|
1610 |
+ } |
|
1611 |
+ } |
|
1612 |
+ |
|
1601 | 1613 |
$obj = $self->where(clause => $clause, param => $where); |
1602 | 1614 |
} |
1603 | 1615 |
elsif (ref $where eq 'DBIx::Custom::Where') { $obj = $where } |
... | ... |
@@ -28,14 +28,6 @@ sub new { |
28 | 28 |
sub to_string { |
29 | 29 |
my $self = shift; |
30 | 30 |
|
31 |
- # Check if column name is safety character; |
|
32 |
- my $safety = $self->dbi->safety_character; |
|
33 |
- if (ref $self->param eq 'HASH') { |
|
34 |
- for my $column (keys %{$self->param}) { |
|
35 |
- croak qq{"$column" is not safety column name (} . _subname . ")" |
|
36 |
- unless $column =~ /^[$safety\.]+$/; |
|
37 |
- } |
|
38 |
- } |
|
39 | 31 |
# Clause |
40 | 32 |
my $clause = $self->clause; |
41 | 33 |
$clause = ['and', $clause] unless ref $clause eq 'ARRAY'; |
... | ... |
@@ -50,15 +42,6 @@ sub to_string { |
50 | 42 |
$self->{_tag_parse} = $self->dbi->tag_parse; |
51 | 43 |
$self->_parse($clause, $where, $count, 'and'); |
52 | 44 |
|
53 |
- |
|
54 |
- # Check safety |
|
55 |
- unless (join('', keys %$count) =~ /^[$self->{_safety_character}\.]+$/) { |
|
56 |
- for my $column (keys %$count) { |
|
57 |
- croak qq{"$column" is not safety column name (} . _subname . ")" |
|
58 |
- unless $column =~ /^[$self->{_safety_character}\.]+$/; |
|
59 |
- } |
|
60 |
- } |
|
61 |
- |
|
62 | 45 |
# Stringify |
63 | 46 |
unshift @$where, 'where' if @$where; |
64 | 47 |
return join(' ', @$where); |