#25705: Parameters are not adapted or quoted in Query.__str__
-------------------------------------+-------------------------------------
     Reporter:  Dmitry Dygalo        |                    Owner:  Alex
         Type:                       |                   Status:  assigned
  Cleanup/optimization               |
    Component:  Database layer       |                  Version:  dev
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  1                    |  Patch needs improvement:  1
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Alex):

 I've done some investigation.

 The main issue comes down to the Python DB API not having a way to do
 this. The only way to see the query with the parameters bound correctly
 is after executing it.

 As Mariusz commented
 [https://github.com/django/django/pull/15951#issuecomment-1491424713 here],
 only MySQL/MariaDB and Postgres have a way to do it via a `mogrify`
 function which is their own extension to the API.
 Django is already using the postgres mogrify in its own compose_sql
 function in the
 [https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/contrib/postgres/search.py#L317 search backend],
 [https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/db/backends/postgresql/schema.py#L46 schema queries] and
 [https://github.com/django/django/blob/f302343380c77e1eb5dab3b64dd70895a95926ca/django/db/backends/postgresql/base.py#L98 ensuring the role of the connection].

 In Oracle and SQLite, none of the extensions to the API they add allow
 doing this.

 I see two approaches:
 - We fix this issue for the first 3 backends and leave it as it is in
 Oracle and SQLite.
 - Use the mogrify function in the first three backends, and manually quote
 the parameters in the other two. Something similar was already attempted
 in [https://github.com/django/django/pull/10568 this PR] and it was
 rejected. The amount of effort needed to implement and maintain this,
 [https://github.com/python/cpython/blob/db39bc42f90c151b298f97b780e62703adbf1221/Modules/_sqlite/cursor.c#L532 example on how CPython does it for SQLite],
 would probably be too much since this seems to be the only use case.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/25705#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
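
An added example (not part of the ticket and not Django's code) of what plain %-interpolation without adaptation or quoting, the behaviour named in the ticket title, does to two ordinary parameter values on SQLite, compared with driver-side binding. The table, rows and helper names are constructed for illustration.

```python
import sqlite3

NAME_SQL = "SELECT name FROM author WHERE name = %s"
DATE_SQL = "SELECT name FROM author WHERE born = %s"


def make_db():
    """Constructed sample data; schema and values are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE author (name TEXT, born TEXT)")
    conn.executemany(
        "INSERT INTO author VALUES (?, ?)",
        [("O'Brien", "2020-01-01"), ("Smith", "2018")],
    )
    return conn


def naive_render(sql, params):
    """Plain %-interpolation: no adaptation, no quoting (display only)."""
    return sql % params


def run_bound(conn, sql, params):
    """Let the driver bind the values; sqlite3 uses '?' placeholders.
    The textual replace is only safe for the constructed SQL above."""
    return conn.execute(sql.replace("%s", "?"), params).fetchall()


def run_rendered(conn, sql, params):
    """Execute the rendered string as-is; return rows or the error text."""
    try:
        return conn.execute(naive_render(sql, params)).fetchall()
    except sqlite3.Error as exc:
        return f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    conn = make_db()
    for sql, params in [(NAME_SQL, ("O'Brien",)), (DATE_SQL, ("2020-01-01",))]:
        print("rendered:", naive_render(sql, params))
        print("  bound result   :", run_bound(conn, sql, params))
        print("  rendered result:", run_rendered(conn, sql, params))
```

The string value fails to parse, while the date value parses as the arithmetic expression `2020 - 01 - 01` and silently matches a different row, so the rendered text is neither the statement the database receives nor a safe thing to paste into a console.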
