Changes between Initial Version and Version 1 of Ticket #25705, comment 16


Timestamp:
Jul 15, 2024, 12:29:35 PM (4 months ago)
Author:
Simon Charette

  • Ticket #25705, comment 16

    initial v1  
    1818> Use the mogrify function in the first three backends, and manually quote the parameters in the other two.
    1919
    20 I ''think'' that would qualify as a form of emulation or best-effort wouldn't it? What guarantees do we have that the quoting is appropriate for all datatypes that these backends support as parameters? Are we feeling confident, knowing that users will attempt to pipe `str(qs.query)` into `raw` and that `Query.__str__` always use `DEFAULT_DB_ALIAS` for compilation (even if the proper backend can often only be determined as execution time) that we are exposing the right tools to users and we can commit to them being safe for the years to come?
     20I ''think'' that would qualify as a form of emulation or best-effort wouldn't it? What guarantees do we have that the quoting is appropriate for all datatypes that these backends support as parameters? Are we feeling confident, knowing that users will attempt to pipe `str(qs.query)` into `raw` and that `Query.__str__` always use `DEFAULT_DB_ALIAS` for compilation #25947 (even if the proper backend can often only be determined as execution time) that we are exposing the right tools to users and we can commit to them being safe for the years to come?
    2121
    2222IMO the usage of `raw(str(qs.query))`, and the main motive for this ticket, is a symptom of a lack of documented way for safely building and executing the SQL and parameters from a `QuerySet` object which makes me believe the focus should be on documenting `queryset.qs.sql_with_params()` first instead?