[Django] #34168: add proper quoting for lists in raw SQL queries
4 views
Skip to first unread message
Django
Nov 17, 2022, 8:26:38 AM11/17/22
to django-...@googlegroups.com
#34168: add proper quoting for lists in raw SQL queries
-------------------------------------+-------------------------------------
Reporter: Marek | Owner: nobody
Rouchal |
Type: New | Status: new
feature |
Component: Database | Version: 4.1
layer (models, ORM) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Django's .raw() function already has the params=[] argument to inject
properly quoted strings - but what if I need to inject a list (of strings
or numbers), like in:
-------------------------------------+-------------------------------------
Reporter: Marek | Owner: nobody
Rouchal |
Type: New | Status: new
feature |
Component: Database | Version: 4.1
layer (models, ORM) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Django's .raw() function already has the params=[] argument to inject
properly quoted strings - but what if I need to inject a list (of strings
or numbers), like in:
WHERE item.color IN ('red', 'green', 'blue'). # %s being: ['red',
'green', 'blue']
Proposal is to allow lists and tuples in the params argument, which are
then rendered as: "( <quoted-element-1>, <quoted-element-2>, ...)", using
the existing quoting algorithm, applied to each list element.
--
Ticket URL: <https://code.djangoproject.com/ticket/34168>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Reply all
Reply to author
Forward
0 new messages