id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
10724	Derived quries used in extra(tables=[]) should not be escaped	Ben Davis	nobody	"example:
{{{
#!python
subquery_earned = ""(SELECT user_id, SUM(points) AS points FROM rewards_userpointearning) AS points_earned""
subquery_spent = ""(SELECT user_id, SUM(points) AS points FROM rewards_order) AS points_spent""
condition = ""points_earned.user_id = auth_user.id AND points_spent.user_id = auth_user.id""  #join
select = {'points_balance' : 'points_earned.points - points_spent.points'}
q = User.objects.get_query_set().extra(select=select, tables=[subquery_earned, subquery_spent], where=[condition])
q = q.order_by('-points_balance')
}}}
The resulting query is: 
{{{
#!sql
SELECT (points_earned.points - points_spent.points) AS `points_balance`, `auth_user`.`id` 
FROM 
  `auth_user` , 
  `(SELECT user_id, SUM(points) AS points FROM rewards_userpointearning) AS points_earned` , 
  `(SELECT user_id, SUM(points) AS points FROM rewards_order) AS points_spent` 
WHERE points_earned.user_id = auth_user.id AND points_spent.user_id = auth_user.id 
ORDER BY `points_balance` DESC
}}}
In MySQL, this results in the error:
{{{
ProgrammingError: (1103, ""Incorrect table name '(SELECT user_id, SUM(points) AS points FROM rewards_userpointearning) AS points_earned'"")
}}}

Django should detect whether a table that's been passed through extra()'s tables parameter is a real table or not,  and only add backticks when necessary."		closed	Uncategorized	dev		wontfix			Unreviewed	0	0	0	0	0	0