Changes between Version 1 and Version 2 of Ticket #36152, comment 2
Timestamp: Jan 28, 2025, 9:32:27 AM (2 days ago)
Ticket #36152, comment 2
| v1 | v2 | |
|---|---|---|
| 5 | 5 | The naive approach of adjusting `SQLCompiler.get_select` to escape percent signs could cause more harm than good as PEP-249 allows for `Cursor.execute` to be called with and without `params: tuple | None` and when `None` is provided no parameter interpolation takes place so the prior escaping would now assign the wrong alias. |
| 6 | 6 | |
| 7 | | In summary I think we should either wont-fix that one or accept it on the basis of augmenting `FORBIDDEN_ALIAS_PATTERN`. |
| | 7 | In summary I think we should either wont-fix that one or accept it on the basis of augmenting `FORBIDDEN_ALIAS_PATTERN` as the complexity and security tradeoff are not worth the UX benefits it would provide (particularly because it has been broken for years already). |
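
The interaction described in the comment, as an added sketch that is not Django's code and not part of the ticket. `driver_render` is a simplified stand-in for a PEP-249 driver using the `format` paramstyle, `ALIAS_REJECT` is a hypothetical stand-in for an augmented `FORBIDDEN_ALIAS_PATTERN`, and the table, column and alias names are constructed.

```python
import re

# Hypothetical stand-in for an augmented FORBIDDEN_ALIAS_PATTERN: reject "%".
ALIAS_REJECT = re.compile(r"%")

def driver_render(sql, params=None):
    """Simplified PEP-249 driver, "format" paramstyle: SQL text the server sees."""
    if params is None:
        return sql  # no interpolation pass, so "%%" is sent as two characters
    return sql % tuple(repr(p) for p in params)  # "%%" collapses to "%"

def build_select(alias, escape, with_filter):
    """Constructed query; escape=True applies the naive percent doubling."""
    name = alias.replace("%", "%%") if escape else alias
    sql = f'SELECT "price" AS "{name}" FROM "item"'
    return sql + (' WHERE "id" = %s' if with_filter else "")

def observed_alias(alias, escape, params):
    """Alias as it appears in the SQL that reaches the server."""
    sql = build_select(alias, escape, with_filter=params is not None)
    return re.search(r'AS "([^"]*)"', driver_render(sql, params)).group(1)

def check_alias(alias):
    """Reject instead of escape: same outcome for both execute() call shapes."""
    if ALIAS_REJECT.search(alias):
        raise ValueError(f"alias {alias!r} contains a percent sign")
    return alias

if __name__ == "__main__":
    alias = "rate%"  # constructed sample alias
    print("escaped, params=(1,):", observed_alias(alias, True, (1,)))
    print("escaped, params=None:", observed_alias(alias, True, None))
    try:
        observed_alias(alias, False, (1,))
    except ValueError as exc:
        print("unescaped, params=(1,):", exc)
    try:
        check_alias(alias)
    except ValueError as exc:
        print("rejected up front:", exc)
```

The compiler cannot know at alias-building time which call shape the query will take, so the escaped form is right for one path and wrong for the other, while rejection behaves identically on both.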