#1454 closed defect (fixed)
[patch] DB API quotes some SQL clauses that are not words and shouldn't be quoted
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Database layer (models, ORM) | Version: | 0.91 |
Severity: | normal | Keywords: | yut |
Cc: | tytyty | Triage Stage: | Unreviewed |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The DB API produces incorrect SQL code with get_list() and related functions if I pass it a "select" parameter that is not a word (identifier), but doesn't have spaces in it. It quotes the parameter when it shouldn't. For example:
wordlist = words.get_list(select = { 'wordlen' : 'length(word)' })
This will produce, in part, " SELECT [...] ("length(word)") AS "wordlen" [...]
"
This patch is against v0.91. On the magic-removal branch, it looks like quote_only_if_word() in django/db/models/query.py has the same issue.
--- django/core/meta/__init__.py_0_91 2006-03-02 10:05:32.275065000 -0800 +++ django/core/meta/__init__.py 2006-03-02 10:07:04.622115000 -0800 @@ -1585,7 +1585,7 @@ def function_get_sql_clause(opts, **kwargs): def quote_only_if_word(word): - if ' ' in word: + if re.search('\W', word): return word else: return db.db.quote_name(word)
Change History (3)
comment:1 by , 19 years ago
Component: | Admin interface → Database wrapper |
---|
comment:2 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:3 by , 17 years ago
Cc: | added |
---|---|
Keywords: | yut added |
Note:
See TracTickets
for help on using tickets.
(In [3044]) Fixed #1454 -- Improved DB API quote_only_if_word() so that it doesn't quote 'select' parameters that are not all word characters. Thanks, dja@…