#34409 closed Cleanup/optimization (fixed)
Examples of fetching raw SQL don't work for non-unique column names.
| Reported by: | Jesper Olsson | Owned by: | Jesper Olsson |
|---|---|---|---|
| Component: | Documentation | Version: | 4.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The documentation on executing custom SQL directly includes a code sample for dictfetchall. When the cursor executes a SELECT statement for two identically named table columns (e.g., "foo"."id" and "bar"."id") then the resulting dict ends up with just one id key.
In other words, the consumer may deal with a ID for bar when they expected an ID for foo, causing unanticipated behavior and threatening information security. This behavior can be very difficult to pin down, especially since Django is considered reputable.
The same problem can be observed in the code sample for namedtuplefetchall but will instead result in a runtime error.
Change History (7)
comment:1 by , 3 years ago
| Summary: | Docs(SQL): Logical error in code sample → Examples of fetching raw SQL don't work for non-unique column names. |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Bug → Cleanup/optimization |
comment:3 by , 3 years ago
| Easy pickings: | set |
|---|
comment:5 by , 3 years ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Note:
See TracTickets
for help on using tickets.
All examples in this documentation are for a single table, so column names are unique. Also, there is nothing in the
cursor.descriptionto help distinguish columns with the same name. Nevertheless, I agree that we could add a warning in the docs that returned column names should be unique. Would you like to prepare a patch?