Opened 19 years ago

Closed 18 years ago

Last modified 17 years ago

#1454 closed defect (fixed)

[patch] DB API quotes some SQL clauses that are not words and shouldn't be quoted

Reported by: dja@… Owned by: Adrian Holovaty
Component: Database layer (models, ORM) Version: 0.91
Severity: normal Keywords: yut
Cc: tytyty Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The DB API produces incorrect SQL code with get_list() and related functions if I pass it a "select" parameter that is not a word (identifier), but doesn't have spaces in it. It quotes the parameter when it shouldn't. For example:

  wordlist = words.get_list(select = { 'wordlen' : 'length(word)' })

This will produce, in part, " SELECT [...] ("length(word)") AS "wordlen" [...] "

This patch is against v0.91. On the magic-removal branch, it looks like quote_only_if_word() in django/db/models/query.py has the same issue.

--- django/core/meta/__init__.py_0_91   2006-03-02 10:05:32.275065000 -0800
+++ django/core/meta/__init__.py        2006-03-02 10:07:04.622115000 -0800
@@ -1585,7 +1585,7 @@

 def function_get_sql_clause(opts, **kwargs):
     def quote_only_if_word(word):
-        if ' ' in word:
+        if re.search('\W', word):
             return word
         else:
             return db.db.quote_name(word)

Change History (3)

comment:1 by anonymous, 19 years ago

Component: Admin interfaceDatabase wrapper

comment:2 by Adrian Holovaty, 18 years ago

Resolution: fixed
Status: newclosed

(In [3044]) Fixed #1454 -- Improved DB API quote_only_if_word() so that it doesn't quote 'select' parameters that are not all word characters. Thanks, dja@…

comment:3 by anonymous, 17 years ago

Cc: tytyty added
Keywords: yut added
Note: See TracTickets for help on using tickets.
Back to Top