Opened 9 years ago
Last modified 2 months ago
#25705 new Cleanup/optimization
Parameters are not adapted or quoted in Query.__str__
| Reported by: | Dmitry Dygalo | Owned by: | |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Petr Přikryl, Ülgen Sarıkavak | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
Now it is just string interpolation of the SQL template with parameters and in most cases produces invalid queries for the following reasons:
- No quoting
- No adaptation. So, some python objects will be used as is, not like their SQL equivalents
Yes, there are situations, when output of Query.__str__ is equal to actual query. But for debugging reasons, it will be better to see real query here. Also it is logical and expected behavior of this method - to show actual query.
Attachments (1)
Change History (11)
comment:1 by , 9 years ago
| Has patch: | set |
|---|---|
| Needs tests: | set |
| Owner: | changed from to |
| Patch needs improvement: | set |
| Status: | new → assigned |
by , 9 years ago
| Attachment: | ticket25705.patch added |
|---|
comment:2 by , 9 years ago
Commit: https://github.com/Stranger6667/django/commit/b2e36668a6877fe29923493e5669402dd30d6421
This issue is more general case of #24991
comment:3 by , 9 years ago
comment:4 by , 9 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:5 by , 5 years ago
Replying to Dmitry Dygalo:
Now it is just string interpolation of the SQL template with parameters and in most cases produces invalid queries for the following reasons:
- No quoting
- No adaptation. So, some python objects will be used as is, not like their SQL equivalents
Yes, there are situations, when output of
Query.__str__is equal to actual query. But for debugging reasons, it will be better to see real query here. Also it is logical and expected behavior of this method - to show actual query.
Fascinating. I inadvertantly filed a duplicate of this it seems:
https://code.djangoproject.com/ticket/30132#ticket
and I would dearly love this fixed. In essence Query.__str__ should return exactly what is logged as per here:
so we can reliably see and extract teh SQL of a query in a production environment in which DEBUG is not enabled!
I would gladly fix this and PR it, if I had the skills and I am close to that, as I am coding and debugging python, but single stepping into Query.__str__ didn't find me a quick easy answer and I bailed for now. So if you have any tips as to where the code is that Query.__str__ uses to generate SQL and where the code is that logs SQL to connection.queries I canbegin to look at it consider how this might be fixed.
It seems to me an experience Django coder could fix this in minutes and that there should be a regression test for this kind of code:
qs=model.objects.somequeryset sql=str(qs.query) raw_qs=model.objects.raw(sql)
I have a test bed in which I confirmed this failure here:
Let me know how I might help get this fixed sooner, given ti was reported 3 years ago and is still not fixed!
comment:7 by , 3 years ago
| Cc: | added |
|---|
comment:8 by , 2 years ago
comment:9 by , 2 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
comment:10 by , 2 months ago
| Cc: | added |
|---|
Initial draft