#34168: add proper quoting for lists in raw SQL queries
-------------------------------------+-------------------------------------
Reporter: Marek | Owner: nobody
Rouchal |
Type: New | Status: new
feature |
Component: Database | Version: 4.1
layer (models, ORM) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Django's .raw() function already has the params=[] argument to inject
properly quoted strings - but what if I need to inject a list (of strings
or numbers), like in:
WHERE item.color IN ('red', 'green', 'blue'). # %s being: ['red',
'green', 'blue']
Proposal is to allow lists and tuples in the params argument, which are
then rendered as: "( <quoted-element-1>, <quoted-element-2>, ...)", using
the existing quoting algorithm, applied to each list element.
--
Ticket URL: <https://code.djangoproject.com/ticket/34168>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018485c5101f-2498f50f-8488-4433-bb13-79fe8527f0da-000000%40eu-central-1.amazonses.com.
