Code

Opened 9 years ago

Closed 9 years ago

#815 closed defect (fixed)

[patch] select keyword to lookup_kwargs are being quoted incorrectly in query

Reported by: rezzrovv Owned by: adrian
Component: Core (Other) Version:
Severity: major Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Here is the issue:

@@ -1466,7 +1519,7 @@

     # Add any additional SELECTs passed in via kwargs.
     if kwargs.get('select'):
-        select.extend(['(%s) AS %s' % (s[1], s[0]) for s in kwargs['select']])
+        select.extend(['(%s) AS %s' % (db.db.quote_name(s[1]), db.db.quote_name(s[0])) for s in kwargs['select']])

If you have:
select={

'choice_count': 'SELECT COUNT(*) FROM choices WHERE poll_id = polls.id'

}

as described in the tutorial then you will get:
select somecol, ("SELECT COUNT(*) FROM choices WHERE poll_id = polls.id") as "choice_count") from ...
versus
select somecol, (SELECT COUNT(*) FROM choices WHERE poll_id = polls.id) as "choice_count") from ...
as it should be.

Simply reverting this one line back works but not sure why it was changed in the first place.

Attachments (0)

Change History (4)

comment:1 Changed 9 years ago by rezzrovv

  • Owner changed from rjwittams to anonymous
  • Summary changed from (new-admin) select keyword to lookup_kwargs are being quoted incorrectly in query to select keyword to lookup_kwargs are being quoted incorrectly in query

apparently this was merged from trunk and not new-admin as I thought.

comment:2 Changed 9 years ago by rjwittams

  • Owner changed from anonymous to adrian

The issue here is that some things passed to this keyword should be quoted and others shouldn't . So maybe this needs to be split into two kwargs, select and select_raw.

comment:3 Changed 9 years ago by hugo

  • Summary changed from select keyword to lookup_kwargs are being quoted incorrectly in query to [patch] select keyword to lookup_kwargs are being quoted incorrectly in query

Or we just check wether the to-be-quoted element contains any spaces - if it contains whitespace, it can't be a simple column name and doesn't need quoting. if it does not contain whitespace, it can be quoted without problems.

=== core/meta/__init__.py
==================================================================
--- core/meta/__init__.py  (revision 1831)
+++ core/meta/__init__.py  (local)
@@ -1518,8 +1518,14 @@
         _fill_table_cache(opts, select, tables, where, opts.db_table, [opts.db_table])
 
     # Add any additional SELECTs passed in via kwargs.
+    def quote_only_if_word(word):
+        if word.find(' ')>=0:
+            return word
+        else:
+            return db.db.quote_name(word)
+
     if kwargs.get('select'):
-        select.extend(['(%s) AS %s' % (db.db.quote_name(s[1]), db.db.quote_name(s[0])) for s in kwargs['select']])
+        select.extend(['(%s) AS %s' % (quote_only_if_word(s[1]), quote_only_if_word(s[0])) for s in kwargs['select']])
 
     # ORDER BY clause
     order_by = []

(this diff is against new_admin, but in trunk it should look mostly the same)

comment:4 Changed 9 years ago by adrian

  • Resolution set to fixed
  • Status changed from new to closed

(In [1274]) Fixed #815 -- 'select' keyword in DB API calls is now quoted correctly. Thanks, Hugo

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.