diff options
| author | Simon Charette <charette.s@gmail.com> | 2025-11-22 13:32:34 -0500 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-03-12 20:01:02 -0400 |
| commit | 1a8fd5cf75bf855852f6bc2f75c3da9f7b145669 (patch) | |
| tree | 07805ec5df940451042b9c96b0cb2fa595f870e2 /docs/releases/6.1.txt | |
| parent | 7cb2221e9267dec3f1cf7c88b8686d38fd956639 (diff) | |
Fixed #36727 -- Deprecated Field.get_placeholder in favor of get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have lead to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow field
to take an active part in the compilation chain.
Thanks Jacob for the review.
Diffstat (limited to 'docs/releases/6.1.txt')
| -rw-r--r-- | docs/releases/6.1.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/docs/releases/6.1.txt b/docs/releases/6.1.txt index 2539e599c7..67891c5bf7 100644 --- a/docs/releases/6.1.txt +++ b/docs/releases/6.1.txt @@ -396,6 +396,15 @@ backends. * Set the new ``DatabaseFeatures.supports_inspectdb`` attribute to ``False`` if the management command isn't supported. +* The ``DatabaseOperations.binary_placeholder_sql()`` method now expects a + query compiler as an extra positional argument and should return a + two-elements tuple composed of an SQL format string and a tuple of associated + parameters. + +* The ``BaseSpatialOperations.get_geom_placeholder()`` method is renamed to + ``get_geom_placeholder_sql`` and is expected to return a two-elements tuple + composed of an SQL format string and a tuple of associated parameters. + :mod:`django.contrib.admin` --------------------------- @@ -481,6 +490,14 @@ Miscellaneous used as the top-level value. :lookup:`Key and index lookups <jsonfield.key>` are unaffected by this deprecation. +* The undocumented ``get_placeholder`` method of + :class:`~django.db.models.Field` is deprecated in favor of the newly + introduced ``get_placeholder_sql`` method, which has the same input signature + but is expected to return a two-elements tuple composed of an SQL format + string and a tuple of associated parameters. This method should now expect + to be provided expressions meant to be compiled via the provided ``compiler`` + argument. + Features removed in 6.1 ======================= |