Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#967 closed enhancement (fixed)

[patch] Safe quoting of table names

Reported by: freakboy@… Owned by: Adrian Holovaty
Component: Database layer (models, ORM) Version:
Severity: minor Keywords: tables database safe quote quoting
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

A discussion on
this thread of django-users lead to the suggestion that the contents provided to the "tables" kwarg of a database query should be optionally quoted (as happens for the "select" kwarg), rather the being arbitrarily quoted. This would allow the use of subselect clauses in the "tables" kwarg.

This patch moves the declaration of the 'safe quoting' function quote_only_if_word() a little earlier in its parent function, and uses the safe quoter on the contents of the tables clause.

Existing usage of nominating a table name in the tables=[] list is unaffected, as table names will not have spaces, and will therefore continue to be quoted.

Attachments (1)

safe_quoted_tables.diff (1.6 KB ) - added by freakboy@… 19 years ago.
Patch for safe quoting of table names in db queries

Download all attachments as: .zip

Change History (2)

by freakboy@…, 19 years ago

Attachment: safe_quoted_tables.diff added

Patch for safe quoting of table names in db queries

comment:1 by Adrian Holovaty, 19 years ago

Resolution: fixed
Status: newclosed

(In [1581]) Fixed #967 -- 'tables' parameter in DB API is now only quoted if needed. Thanks, Russell Keith-Magee

Note: See TracTickets for help on using tickets.
Back to Top