Opened 15 years ago
Closed 15 years ago
#12611 closed (wontfix)
Incorrect quoting in QuerySet.query.__str__()
| Reported by: | Jason McVetta | Owned by: | nobody |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | dev |
| Severity: | Keywords: | sql quoting | |
| Cc: | Triage Stage: | Someday/Maybe | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When I call __str__() on a QuerySet object's query member, it returns invalid SQL. Arguments to the WHERE clause are not quoted. This bug makes it difficult to log queries then feed them to the database's EXPLAIN command for performance analysis.
For instance, if we construct a QuerySet like this:
ogtt75_events = [
'ogtt75_fasting_pos',
'ogtt75_random_pos',
'ogtt75_30m_pos',
'ogtt75_1hr_pos',
'ogtt75_90m_pos',
'ogtt75_2hr_pos',
]
q_obj = Q(name__in=ogtt75_events)
q_obj &= Q(patient__event__name='pregnancy_diagnosis')
qs = Event.objects.filter(q_obj)
it will return SQL like this (fed through sqlparse library for pretty indentation):
SELECT "hef_event"."id",
"hef_event"."name",
"hef_event"."date",
"hef_event"."patient_id",
"hef_event"."timestamp",
"hef_event"."run_id",
"hef_event"."content_type_id",
"hef_event"."object_id"
FROM "hef_event"
INNER JOIN "emr_patient" ON ("hef_event"."patient_id" = "emr_patient"."id")
INNER JOIN "hef_event" T3 ON ("emr_patient"."id" = T3."patient_id")
WHERE ("hef_event"."name" IN (ogtt75_fasting_pos,
ogtt75_random_pos,
ogtt75_30m_pos,
ogtt75_1hr_pos,
ogtt75_90m_pos,
ogtt75_2hr_pos)
AND T3."name" = pregnancy_diagnosis)
ORDER BY "hef_event"."date" ASC, "hef_event"."patient_id" ASC, "hef_event"."name" ASC
This behavior was observed using the latest trunk checkout of Django, with PostgreSQL as backend.
Change History (1)
comment:1 by , 15 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
| Triage Stage: | Unreviewed → Someday/Maybe |
Note:
See TracTickets
for help on using tickets.
I completely acknowledge the problem, but it is non-trivial to fix. Database quoting is actually done by the database cursor at the time of query execution. What is returned by QuerySet.query is the best attempt at rendering the query as it will be executed, but there's no guarantee it will be completely accurate.
Marking wontfix due to the absence of a workable solution. If anyone can propose something (that doesn't involve reimplementing the full quoting behavior of a DB cursor), please reopen with that suggestion.