summaryrefslogtreecommitdiff
path: root/django/db
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2013-03-23 16:09:56 +0100
committerClaude Paroz <claude@2xlibre.net>2013-03-23 17:11:10 +0100
commit76aecfbc4b49f5ab0613cccff1df6fab03253fab (patch)
tree288a5c0e14ebe27d051b0ec01d16977f76b99838 /django/db
parente7514e4978178ba68a872ac0004dd6f8049f3d76 (diff)
Fixed #9055 -- Standardized behaviour of parameter escaping in db cursors
Previously, depending on the database backend or the cursor type, you'd need to double the percent signs in the query before passing it to cursor.execute. Now cursor.execute consistently need percent doubling whenever params argument is not None (placeholder substitution will happen). Thanks Thomas Güttler for the report and Walter Doekes for his work on the patch.
Diffstat (limited to 'django/db')
-rw-r--r--django/db/backends/__init__.py2
-rw-r--r--django/db/backends/mysql/base.py1
-rw-r--r--django/db/backends/oracle/base.py13
-rw-r--r--django/db/backends/sqlite3/base.py4
-rw-r--r--django/db/backends/util.py5
5 files changed, 17 insertions, 8 deletions
diff --git a/django/db/backends/__init__.py b/django/db/backends/__init__.py
index b713b4c97a..9acef4ad19 100644
--- a/django/db/backends/__init__.py
+++ b/django/db/backends/__init__.py
@@ -815,6 +815,8 @@ class BaseDatabaseOperations(object):
to_unicode = lambda s: force_text(s, strings_only=True, errors='replace')
if isinstance(params, (list, tuple)):
u_params = tuple(to_unicode(val) for val in params)
+ elif params is None:
+ u_params = ()
else:
u_params = dict((to_unicode(k), to_unicode(v)) for k, v in params.items())
diff --git a/django/db/backends/mysql/base.py b/django/db/backends/mysql/base.py
index f7d07cf4b7..57b6f82270 100644
--- a/django/db/backends/mysql/base.py
+++ b/django/db/backends/mysql/base.py
@@ -115,6 +115,7 @@ class CursorWrapper(object):
def execute(self, query, args=None):
try:
+ # args is None means no string interpolation
return self.cursor.execute(query, args)
except Database.OperationalError as e:
# Map some error codes to IntegrityError, since they seem to be
diff --git a/django/db/backends/oracle/base.py b/django/db/backends/oracle/base.py
index 6309088c4c..9e69743d33 100644
--- a/django/db/backends/oracle/base.py
+++ b/django/db/backends/oracle/base.py
@@ -757,18 +757,19 @@ class FormatStylePlaceholderCursor(object):
return [p.force_bytes for p in params]
def execute(self, query, params=None):
- if params is None:
- params = []
- else:
- params = self._format_params(params)
- args = [(':arg%d' % i) for i in range(len(params))]
# cx_Oracle wants no trailing ';' for SQL statements. For PL/SQL, it
# it does want a trailing ';' but not a trailing '/'. However, these
# characters must be included in the original query in case the query
# is being passed to SQL*Plus.
if query.endswith(';') or query.endswith('/'):
query = query[:-1]
- query = convert_unicode(query % tuple(args), self.charset)
+ if params is None:
+ params = []
+ query = convert_unicode(query, self.charset)
+ else:
+ params = self._format_params(params)
+ args = [(':arg%d' % i) for i in range(len(params))]
+ query = convert_unicode(query % tuple(args), self.charset)
self._guess_input_sizes([params])
try:
return self.cursor.execute(query, self._param_generator(params))
diff --git a/django/db/backends/sqlite3/base.py b/django/db/backends/sqlite3/base.py
index f70c3872a8..ead325a33b 100644
--- a/django/db/backends/sqlite3/base.py
+++ b/django/db/backends/sqlite3/base.py
@@ -433,7 +433,9 @@ class SQLiteCursorWrapper(Database.Cursor):
This fixes it -- but note that if you want to use a literal "%s" in a query,
you'll need to use "%%s".
"""
- def execute(self, query, params=()):
+ def execute(self, query, params=None):
+ if params is None:
+ return Database.Cursor.execute(self, query)
query = self.convert_query(query)
return Database.Cursor.execute(self, query, params)
diff --git a/django/db/backends/util.py b/django/db/backends/util.py
index 5eb6626fc7..b7fb48dca5 100644
--- a/django/db/backends/util.py
+++ b/django/db/backends/util.py
@@ -35,11 +35,14 @@ class CursorWrapper(object):
class CursorDebugWrapper(CursorWrapper):
- def execute(self, sql, params=()):
+ def execute(self, sql, params=None):
self.db.set_dirty()
start = time()
try:
with self.db.wrap_database_errors():
+ if params is None:
+ # params default might be backend specific
+ return self.cursor.execute(sql)
return self.cursor.execute(sql, params)
finally:
stop = time()