Code

Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#967 closed enhancement (fixed)

[patch] Safe quoting of table names

Reported by: freakboy@… Owned by: adrian
Component: Database layer (models, ORM) Version:
Severity: minor Keywords: tables database safe quote quoting
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

A discussion on
this thread of django-users lead to the suggestion that the contents provided to the "tables" kwarg of a database query should be optionally quoted (as happens for the "select" kwarg), rather the being arbitrarily quoted. This would allow the use of subselect clauses in the "tables" kwarg.

This patch moves the declaration of the 'safe quoting' function quote_only_if_word() a little earlier in its parent function, and uses the safe quoter on the contents of the tables clause.

Existing usage of nominating a table name in the tables=[] list is unaffected, as table names will not have spaces, and will therefore continue to be quoted.

Attachments (1)

safe_quoted_tables.diff (1.6 KB) - added by freakboy@… 8 years ago.
Patch for safe quoting of table names in db queries

Download all attachments as: .zip

Change History (2)

Changed 8 years ago by freakboy@…

Patch for safe quoting of table names in db queries

comment:1 Changed 8 years ago by adrian

  • Resolution set to fixed
  • Status changed from new to closed

(In [1581]) Fixed #967 -- 'tables' parameter in DB API is now only quoted if needed. Thanks, Russell Keith-Magee

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.