#1454 closed defect (fixed)
[patch] DB API quotes some SQL clauses that are not words and shouldn't be quoted
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | 0.91 |
| Severity: | normal | Keywords: | yut |
| Cc: | tytyty | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The DB API produces incorrect SQL code with get_list() and related functions if I pass it a "select" parameter that is not a word (identifier), but doesn't have spaces in it. It quotes the parameter when it shouldn't. For example:
wordlist = words.get_list(select = { 'wordlen' : 'length(word)' })
This will produce, in part, " SELECT [...] ("length(word)") AS "wordlen" [...] "
This patch is against v0.91. On the magic-removal branch, it looks like quote_only_if_word() in django/db/models/query.py has the same issue.
--- django/core/meta/__init__.py_0_91 2006-03-02 10:05:32.275065000 -0800
+++ django/core/meta/__init__.py 2006-03-02 10:07:04.622115000 -0800
@@ -1585,7 +1585,7 @@
def function_get_sql_clause(opts, **kwargs):
def quote_only_if_word(word):
- if ' ' in word:
+ if re.search('\W', word):
return word
else:
return db.db.quote_name(word)
Change History (3)
comment:1 by , 18 years ago
| Component: | Admin interface → Database wrapper |
|---|
comment:2 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:3 by , 17 years ago
| Cc: | added |
|---|---|
| Keywords: | yut added |
Note:
See TracTickets
for help on using tickets.
(In [3044]) Fixed #1454 -- Improved DB API quote_only_if_word() so that it doesn't quote 'select' parameters that are not all word characters. Thanks, dja@…