#967 closed enhancement (fixed)
[patch] Safe quoting of table names
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | |
| Severity: | minor | Keywords: | tables database safe quote quoting |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
A discussion on
this thread of django-users lead to the suggestion that the contents provided to the "tables" kwarg of a database query should be optionally quoted (as happens for the "select" kwarg), rather the being arbitrarily quoted. This would allow the use of subselect clauses in the "tables" kwarg.
This patch moves the declaration of the 'safe quoting' function quote_only_if_word() a little earlier in its parent function, and uses the safe quoter on the contents of the tables clause.
Existing usage of nominating a table name in the tables=[] list is unaffected, as table names will not have spaces, and will therefore continue to be quoted.
Attachments (1)
Change History (2)
by , 18 years ago
| Attachment: | safe_quoted_tables.diff added |
|---|
comment:1 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Patch for safe quoting of table names in db queries