id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
12611	Incorrect quoting in QuerySet.query.__str__()	Jason McVetta	nobody	"When I call {{{__str__()}}} on a {{{QuerySet}}} object's {{{query}}} member, it returns invalid SQL.  Arguments to the WHERE clause are not quoted.  This bug makes it difficult to log queries then feed them to the database's EXPLAIN command for performance analysis.  

For instance, if we construct a {{{QuerySet}}} like this:
{{{
ogtt75_events = [
    'ogtt75_fasting_pos',
    'ogtt75_random_pos',
    'ogtt75_30m_pos',
    'ogtt75_1hr_pos',
    'ogtt75_90m_pos',
    'ogtt75_2hr_pos',
    ]
q_obj = Q(name__in=ogtt75_events)
q_obj &= Q(patient__event__name='pregnancy_diagnosis')
qs = Event.objects.filter(q_obj)
}}}

it will return SQL like this (fed through {{{sqlparse}}} library for pretty indentation):

{{{
SELECT ""hef_event"".""id"",
       ""hef_event"".""name"",
       ""hef_event"".""date"",
       ""hef_event"".""patient_id"",
       ""hef_event"".""timestamp"",
       ""hef_event"".""run_id"",
       ""hef_event"".""content_type_id"",
       ""hef_event"".""object_id""
FROM ""hef_event""
INNER JOIN ""emr_patient"" ON (""hef_event"".""patient_id"" = ""emr_patient"".""id"")
INNER JOIN ""hef_event"" T3 ON (""emr_patient"".""id"" = T3.""patient_id"")
WHERE (""hef_event"".""name"" IN (ogtt75_fasting_pos,
                              ogtt75_random_pos,
                              ogtt75_30m_pos,
                              ogtt75_1hr_pos,
                              ogtt75_90m_pos,
                              ogtt75_2hr_pos)
       AND T3.""name"" = pregnancy_diagnosis)
ORDER BY ""hef_event"".""date"" ASC, ""hef_event"".""patient_id"" ASC, ""hef_event"".""name"" ASC
}}}

This behavior was observed using the latest trunk checkout of Django, with PostgreSQL as backend.
"		closed	Database layer (models, ORM)	dev		wontfix	sql quoting		Someday/Maybe	0	0	0	0	0	0