Django

Code

Ticket #1454 (closed: fixed)

Opened 2 years ago

Last modified 1 year ago

[patch] DB API quotes some SQL clauses that are not words and shouldn't be quoted

Reported by: dja@cdc.msbx.net Assigned to: adrian
Milestone: Component: Database wrapper
Version: 0.91 Keywords: yut
Cc: tytyty Triage Stage: Unreviewed
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

The DB API produces incorrect SQL code with get_list() and related functions if I pass it a "select" parameter that is not a word (identifier), but doesn't have spaces in it. It quotes the parameter when it shouldn't. For example: 

  wordlist = words.get_list(select = { 'wordlen' : 'length(word)' })

This will produce, in part, " SELECT [...] ("length(word)") AS "wordlen" [...] "

This patch is against v0.91. On the magic-removal branch, it looks like quote_only_if_word() in django/db/models/query.py has the same issue. 

--- django/core/meta/__init__.py_0_91   2006-03-02 10:05:32.275065000 -0800
+++ django/core/meta/__init__.py        2006-03-02 10:07:04.622115000 -0800
@@ -1585,7 +1585,7 @@

 def function_get_sql_clause(opts, **kwargs):
     def quote_only_if_word(word):
-        if ' ' in word:
+        if re.search('\W', word):
             return word
         else:
             return db.db.quote_name(word)

Attachments

Change History

03/02/06 12:43:26 changed by anonymous

  • component changed from Admin interface to Database wrapper.

05/31/06 23:47:57 changed by adrian

  • status changed from new to closed.
  • resolution set to fixed.

(In [3044]) Fixed #1454 -- Improved DB API quote_only_if_word() so that it doesn't quote 'select' parameters that are not all word characters. Thanks, dja@cdc.msbx.net

07/08/07 12:50:24 changed by anonymous

  • cc set to tytyty.
  • keywords set to yut.

Add/Change #1454 ([patch] DB API quotes some SQL clauses that are not words and shouldn't be quoted)




Change Properties
Action