Opened 20 years ago

Closed 20 years ago

#815 closed defect (fixed)

[patch] select keyword to lookup_kwargs are being quoted incorrectly in query

Reported by: rezzrovv Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: major Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here is the issue:

@@ -1466,7 +1519,7 @@

     # Add any additional SELECTs passed in via kwargs.
     if kwargs.get('select'):
-        select.extend(['(%s) AS %s' % (s[1], s[0]) for s in kwargs['select']])
+        select.extend(['(%s) AS %s' % (db.db.quote_name(s[1]), db.db.quote_name(s[0])) for s in kwargs['select']])

If you have:
select={

'choice_count': 'SELECT COUNT(*) FROM choices WHERE poll_id = polls.id'

}

as described in the tutorial then you will get:
select somecol, ("SELECT COUNT(*) FROM choices WHERE poll_id = polls.id") as "choice_count") from ...
versus
select somecol, (SELECT COUNT(*) FROM choices WHERE poll_id = polls.id) as "choice_count") from ...
as it should be.

Simply reverting this one line back works but not sure why it was changed in the first place.

Change History (4)

comment:1 by rezzrovv, 20 years ago

Owner: changed from rjwittams to anonymous
Summary: (new-admin) select keyword to lookup_kwargs are being quoted incorrectly in queryselect keyword to lookup_kwargs are being quoted incorrectly in query

apparently this was merged from trunk and not new-admin as I thought.

comment:2 by rjwittams, 20 years ago

Owner: changed from anonymous to Adrian Holovaty

The issue here is that some things passed to this keyword should be quoted and others shouldn't . So maybe this needs to be split into two kwargs, select and select_raw.

comment:3 by hugo, 20 years ago

Summary: select keyword to lookup_kwargs are being quoted incorrectly in query[patch] select keyword to lookup_kwargs are being quoted incorrectly in query

Or we just check wether the to-be-quoted element contains any spaces - if it contains whitespace, it can't be a simple column name and doesn't need quoting. if it does not contain whitespace, it can be quoted without problems.

=== core/meta/__init__.py
==================================================================
--- core/meta/__init__.py  (revision 1831)
+++ core/meta/__init__.py  (local)
@@ -1518,8 +1518,14 @@
         _fill_table_cache(opts, select, tables, where, opts.db_table, [opts.db_table])
 
     # Add any additional SELECTs passed in via kwargs.
+    def quote_only_if_word(word):
+        if word.find(' ')>=0:
+            return word
+        else:
+            return db.db.quote_name(word)
+
     if kwargs.get('select'):
-        select.extend(['(%s) AS %s' % (db.db.quote_name(s[1]), db.db.quote_name(s[0])) for s in kwargs['select']])
+        select.extend(['(%s) AS %s' % (quote_only_if_word(s[1]), quote_only_if_word(s[0])) for s in kwargs['select']])
 
     # ORDER BY clause
     order_by = []

(this diff is against new_admin, but in trunk it should look mostly the same)

comment:4 by Adrian Holovaty, 20 years ago

Resolution: fixed
Status: newclosed

(In [1274]) Fixed #815 -- 'select' keyword in DB API calls is now quoted correctly. Thanks, Hugo

Note: See TracTickets for help on using tickets.
Back to Top