Opened 21 months ago

Closed 20 months ago

Last modified 20 months ago

#34409 closed Cleanup/optimization (fixed)

Examples of fetching raw SQL don't work for non-unique column names.

Reported by: Jesper Olsson
Owned by: Jesper Olsson
Component: Documentation
Version: 4.1
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

The documentation on executing custom SQL directly includes a code sample for dictfetchall. When the cursor executes a SELECT statement for two identically named table columns (e.g., "foo"."id" and "bar"."id") then the resulting dict ends up with just one id key.

In other words, the consumer may deal with an ID for bar when they expected an ID for foo, causing unanticipated behavior and threatening information security. This behavior can be very difficult to pin down, especially since Django is considered reputable.

The same problem can be observed in the code sample for namedtuplefetchall but will instead result in a runtime error.

Change History (7)

comment:1 by Mariusz Felisiak, 21 months ago

Summary: Docs(SQL): Logical error in code sample → Examples of fetching raw SQL don't work for non-unique column names.
Triage Stage: Unreviewed → Accepted
Type: Bug → Cleanup/optimization

All examples in this documentation are for a single table, so column names are unique. Also, there is nothing in the cursor.description to help distinguish columns with the same name. Nevertheless, I agree that we could add a warning in the docs that returned column names should be unique. Would you like to prepare a patch?

comment:2 by Jesper Olsson, 21 months ago

Owner: changed from nobody to Jesper Olsson
Status: new → assigned

Sure, I'll have a go!

comment:3 by Mariusz Felisiak, 21 months ago

Easy pickings: set

comment:4 by Mariusz Felisiak, 20 months ago

Has patch: set
Patch needs improvement: set

comment:5 by Mariusz Felisiak, 20 months ago

Patch needs improvement: unset
Triage Stage: Accepted → Ready for checkin

comment:6 by GitHub <noreply@…>, 20 months ago

Resolution: fixed
Status: assigned → closed

In 216eb638:

Fixed #34409 -- Doc'd limitation of dictfetchall() and namedtuplefetchall() examples.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@…>

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 20 months ago

In b0b76976:

[4.2.x] Fixed #34409 -- Doc'd limitation of dictfetchall() and namedtuplefetchall() examples.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@…>
Backport of 216eb63883050f6a3bf5d306e42972e7a6b6dff5 from main
