is this a bug in db.py?
3 views
Skip to first unread message
BjornT
Apr 8, 2008, 1:40:48 AM4/8/08
to web.py
Look at the different results when I switch types of quotes in
SQLLiteral:
>>> web.insert('foo', wtf=web.SQLLiteral("SHA1('yomomma')"),joe='bob',a=2,_test=True)
<sql: "INSERT INTO foo (a, joe, wtf) VALUES (2, 'bob',
SHA1('yomomma'))">
>>> web.insert('foo', wtf=web.SQLLiteral('SHA1("yomomma")'),joe='bob',a=2,_test=True)
<sql: 'INSERT INTO foo (a, joe, wtf) VALUES (2, \'bob\',
SHA1("yomomma"))'>
Is this a bug or am I doing something dumb?
I think if there is a problem it's because I have DBUtils or this:
sql_query = SQLQuery("INSERT INTO %s (%s) VALUES (%s)" % (
tablename,
", ".join(values.keys()),
', '.join([aparam() for x in values])
), values.values())
Might have something to do with two string formats being created here?
The first explicitly and the next passed to SQLQuery or maybe the
issue is in SQLQuery, perhaps here:
return self.s % tuple([sqlify(x) for x in self.v])
The use of sqlify?
I'm not sure. :o
SQLLiteral:
>>> web.insert('foo', wtf=web.SQLLiteral("SHA1('yomomma')"),joe='bob',a=2,_test=True)
<sql: "INSERT INTO foo (a, joe, wtf) VALUES (2, 'bob',
SHA1('yomomma'))">
>>> web.insert('foo', wtf=web.SQLLiteral('SHA1("yomomma")'),joe='bob',a=2,_test=True)
<sql: 'INSERT INTO foo (a, joe, wtf) VALUES (2, \'bob\',
SHA1("yomomma"))'>
Is this a bug or am I doing something dumb?
I think if there is a problem it's because I have DBUtils or this:
sql_query = SQLQuery("INSERT INTO %s (%s) VALUES (%s)" % (
tablename,
", ".join(values.keys()),
', '.join([aparam() for x in values])
), values.values())
Might have something to do with two string formats being created here?
The first explicitly and the next passed to SQLQuery or maybe the
issue is in SQLQuery, perhaps here:
return self.s % tuple([sqlify(x) for x in self.v])
The use of sqlify?
I'm not sure. :o
Aaron Swartz
Apr 8, 2008, 2:07:06 AM4/8/08
to we...@googlegroups.com
> Look at the different results when I switch types of quotes in
> SQLLiteral:
> SQLLiteral:
These aren't different results; the backslashes are just put there by
Python's repr.
BjornT
Apr 8, 2008, 2:21:29 AM4/8/08
to web.py
Oh right, I was just going to say that. I noticed this:
>>> n
' bob SHA1("yomomma") '
>>> web.db.sqlify(n)
'\' bob SHA1("yomomma") \''
>>> n2 = " bob SHA1('yomomma') "
>>> web.db.sqlify(n2)
'" bob SHA1(\'yomomma\') "'
>>> print web.db.sqlify(n)
' bob SHA1("yomomma") '
>>> print web.db.sqlify(n2)
" bob SHA1('yomomma') "
Thanks.
>>> n
' bob SHA1("yomomma") '
>>> web.db.sqlify(n)
'\' bob SHA1("yomomma") \''
>>> n2 = " bob SHA1('yomomma') "
>>> web.db.sqlify(n2)
'" bob SHA1(\'yomomma\') "'
>>> print web.db.sqlify(n)
' bob SHA1("yomomma") '
>>> print web.db.sqlify(n2)
" bob SHA1('yomomma') "
Thanks.
BjornT
Apr 8, 2008, 2:52:06 AM4/8/08
to web.py
Seems like something is not ok though, check it out:
>> d = web.insert('users', email='bjorn....@foo.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'), _test=True)
>>> print d
INSERT INTO users (password, joindate, email, laston, level) VALUES
(SHA1("foo"), NOW(), 'bjorn....@foo.com', NOW(), 1)
now I copy and paste that string in MySQL:
mysql> INSERT INTO users (password, joindate, email, laston, level)
VALUES (SHA1("foo"), NOW(), 'bjorn....@foo.com', NOW(), 1)
Query OK, 1 row affected (0.06 sec)
mysql> select * from users;
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| id | email |
password | joindate |
laston | level |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| 5 | bjorn....@ask.com |
b3d27fe823942946dbbbc16e62537743a458131a | 2008-04-07 23:45:41 |
2008-04-07 23:45:41 | 1 |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
But if I use web.insert check it out:
d = web.insert('users',
email='bjorn.t...@foo2.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'))
mysql> select * from users;
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| id | email |
password | joindate |
laston | level |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| 5 | bjorn....@foo.com |
b3d27fe823942946dbbbc16e62537743a458131a | 2008-04-07 23:45:41 |
2008-04-07 23:45:41 | 1 |
| 6 | bjorn.t...@foo2.com | SHA1("foo")
| 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 1 |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
It didn't create an SHA1 hash.
>> d = web.insert('users', email='bjorn....@foo.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'), _test=True)
>>> print d
INSERT INTO users (password, joindate, email, laston, level) VALUES
(SHA1("foo"), NOW(), 'bjorn....@foo.com', NOW(), 1)
now I copy and paste that string in MySQL:
mysql> INSERT INTO users (password, joindate, email, laston, level)
VALUES (SHA1("foo"), NOW(), 'bjorn....@foo.com', NOW(), 1)
Query OK, 1 row affected (0.06 sec)
mysql> select * from users;
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| id | email |
password | joindate |
laston | level |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| 5 | bjorn....@ask.com |
b3d27fe823942946dbbbc16e62537743a458131a | 2008-04-07 23:45:41 |
2008-04-07 23:45:41 | 1 |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
But if I use web.insert check it out:
d = web.insert('users',
email='bjorn.t...@foo2.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'))
mysql> select * from users;
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| id | email |
password | joindate |
laston | level |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
| 5 | bjorn....@foo.com |
b3d27fe823942946dbbbc16e62537743a458131a | 2008-04-07 23:45:41 |
2008-04-07 23:45:41 | 1 |
| 6 | bjorn.t...@foo2.com | SHA1("foo")
| 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 1 |
+----+-------------------------
+------------------------------------------+---------------------
+---------------------+-------+
It didn't create an SHA1 hash.
Anand Chitipothu
Apr 8, 2008, 11:11:34 AM4/8/08
to we...@googlegroups.com
On Tue, Apr 8, 2008 at 12:22 PM, BjornT <bjorn....@gmail.com> wrote:
>
> Seems like something is not ok though, check it out:
>
> >> d = web.insert('users', email='bjorn....@foo.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'), _test=True)
>
>
> Seems like something is not ok though, check it out:
>
> >> d = web.insert('users', email='bjorn....@foo.com',password=web.SQLLiteral('SHA1("foo")'),level=1,joindate=web.SQLLiteral('NOW()'),laston=web.SQLLiteral('NOW()'), _test=True)
>
Yes, that is a bug. It has been fixed in 0.3.
Reply all
Reply to author
Forward
0 new messages