id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30145	SQLCompiler do not escape names correctly	Artem Skoretskiy	nobody	"I generate custom SQL and I have tried to use `SQLCompiler` to escape (quote) table names. But it does not work as expected:

{{{
>>> from django.contrib.auth.models import User
>>> qs = User.objects.all()
>>> compiler = qs.query.get_compiler(using=qs.db)
>>> name = 'b""; drop table ""world'
>>> sql = 'alter table x rename column a to {};'.format(compiler.quote_name_unless_alias(name))
>>> print(sql)
alter table x rename column a to ""b""; drop table ""world"";
}}}

I would expect that it would return name that I could use in raw SQL.

You could try youself:

{{{
docker run -ti --rm python:3.7-alpine sh -c ""pip install -q https://github.com/django/django/archive/master.zip && django-admin.py startproject project . && ./manage.py shell""
}}}"	Bug	closed	Database layer (models, ORM)	dev	Normal	invalid			Unreviewed	0	0	0	0	0	0