#25705: Parameters are not adapted or quoted in Query.__str__
-------------------------------------+-------------------------------------
Reporter: Dmitry Dygalo | Owner: Alex
Type: | Status: assigned
Cleanup/optimization |
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Alex):
I've done some investigation.
The main issue comes to the Python DB API doesn't have a way to do this.
The only way to see the query with the parameters binded correctly is
after executing it.
As Mariusz commented
[https://github.com/django/django/pull/15951#issuecomment-1491424713
here], only Mysql/MariaDB and Postgres have a way to do it via a `mogrify`
function which is their own extension to the API.
Django is already using the postgres mogrify in its own compose_sql
function in the
[https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/contrib/postgres/search.py#L317
search backend],
[https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/db/backends/postgresql/schema.py#L46
schema queries] and
[https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/db/backends/postgresql/base.py#L98
ensuring the role of the connection]
In Oracle and SQLite, none of the extensions to the API they add allows do
this.
I see two approaches:
- We fix this issue for the first 3 backends and leave it as it is in
Oracle and SQLite.
- Use the mogrify function in the first three backends, and manually quote
the parameters in the other two. Something similar was already attempted
in [https://github.com/django/django/pull/10568 this PR] and it was
rejected. The amount of effort needed to implement and maintain this,
[https://github.com/python/cpython/blob/db39bc42f90c151b298f97b780e62703adbf1221/Modules/_sqlite/cursor.c#L532
example on how cPython does it for SQLite], would probably be too much
since this seems to be the only use case.
--
Ticket URL: <https://code.djangoproject.com/ticket/25705#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701908216dca9-686b1cb0-8033-4154-87ab-7d46f719dbf7-000000%40eu-central-1.amazonses.com.