Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #21844: Move quote_parameter off of Operations and rename

  • Loading branch information...
commit 42607a9e33e63639d1da2166b9a2f85c691e07ae 1 parent 5cc0555
@andrewgodwin andrewgodwin authored
View
9 django/db/backends/__init__.py
@@ -975,15 +975,6 @@ def quote_name(self, name):
"""
raise NotImplementedError('subclasses of BaseDatabaseOperations may require a quote_name() method')
- def quote_parameter(self, value):
- """
- Returns a quoted version of the value so it's safe to use in an SQL
- string. This should NOT be used to prepare SQL statements to send to
- the database; it is meant for outputting SQL statements to a file
- or the console for later execution by a developer/DBA.
- """
- raise NotImplementedError()
-
def random_function_sql(self):
"""
Returns an SQL expression that returns a random value.
View
5 django/db/backends/mysql/base.py
@@ -311,11 +311,6 @@ def quote_name(self, name):
return name # Quoting once is enough.
return "`%s`" % name
- def quote_parameter(self, value):
- # Inner import to allow module to fail to load gracefully
- import MySQLdb.converters
- return MySQLdb.escape(value, MySQLdb.converters.conversions)
-
def random_function_sql(self):
return 'RAND()'
View
5 django/db/backends/mysql/schema.py
@@ -24,3 +24,8 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
sql_create_pk = "ALTER TABLE %(table)s ADD CONSTRAINT %(name)s PRIMARY KEY (%(columns)s)"
sql_delete_pk = "ALTER TABLE %(table)s DROP PRIMARY KEY"
+
+ def quote_value(self, value):
+ # Inner import to allow module to fail to load gracefully
+ import MySQLdb.converters
+ return MySQLdb.escape(value, MySQLdb.converters.conversions)
View
10 django/db/backends/oracle/base.py
@@ -326,16 +326,6 @@ def quote_name(self, name):
name = name.replace('%', '%%')
return name.upper()
- def quote_parameter(self, value):
- if isinstance(value, (datetime.date, datetime.time, datetime.datetime)):
- return "'%s'" % value
- elif isinstance(value, six.string_types):
- return repr(value)
- elif isinstance(value, bool):
- return "1" if value else "0"
- else:
- return str(value)
-
def random_function_sql(self):
return "DBMS_RANDOM.RANDOM"
View
14 django/db/backends/oracle/schema.py
@@ -1,5 +1,7 @@
import copy
+import datetime
+from django.utils import six
from django.db.backends.schema import BaseDatabaseSchemaEditor
from django.db.utils import DatabaseError
@@ -15,6 +17,16 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
sql_delete_column = "ALTER TABLE %(table)s DROP COLUMN %(column)s"
sql_delete_table = "DROP TABLE %(table)s CASCADE CONSTRAINTS"
+ def quote_value(self, value):
+ if isinstance(value, (datetime.date, datetime.time, datetime.datetime)):
+ return "'%s'" % value
+ elif isinstance(value, six.string_types):
+ return repr(value)
+ elif isinstance(value, bool):
+ return "1" if value else "0"
+ else:
+ return str(value)
+
def delete_model(self, model):
# Run superclass action
super(DatabaseSchemaEditor, self).delete_model(model)
@@ -92,4 +104,4 @@ def _generate_temp_name(self, for_name):
return self.normalize_name(for_name + "_" + suffix)
def prepare_default(self, value):
- return self.connection.ops.quote_parameter(value)
+ return self.quote_value(value)
View
5 django/db/backends/postgresql_psycopg2/operations.py
@@ -98,11 +98,6 @@ def quote_name(self, name):
return name # Quoting once is enough.
return '"%s"' % name
- def quote_parameter(self, value):
- # Inner import so backend fails nicely if it's not present
- import psycopg2
- return psycopg2.extensions.adapt(value)
-
def set_time_zone_sql(self):
return "SET TIME ZONE %s"
View
5 django/db/backends/postgresql_psycopg2/schema.py
@@ -7,6 +7,11 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
sql_delete_sequence = "DROP SEQUENCE IF EXISTS %(sequence)s CASCADE"
sql_set_sequence_max = "SELECT setval('%(sequence)s', MAX(%(column)s)) FROM %(table)s"
+ def quote_value(self, value):
+ # Inner import so backend fails nicely if it's not present
+ import psycopg2
+ return psycopg2.extensions.adapt(value)
+
def _alter_column_type_sql(self, table, column, type):
"""
Makes ALTER TYPE with SERIAL make sense.
View
12 django/db/backends/schema.py
@@ -89,7 +89,7 @@ def execute(self, sql, params=[]):
# Log the command we're running, then run it
logger.debug("%s; (params %r)" % (sql, params))
if self.collect_sql:
- self.collected_sql.append((sql % tuple(map(self.connection.ops.quote_parameter, params))) + ";")
+ self.collected_sql.append((sql % tuple(map(self.quote_value, params))) + ";")
else:
with self.connection.cursor() as cursor:
cursor.execute(sql, params)
@@ -166,6 +166,16 @@ def effective_default(self, field):
default = default()
return default
+ def quote_value(self, value):
+ """
+ Returns a quoted version of the value so it's safe to use in an SQL
+ string. This is not safe against injection from user code; it is
+ intended only for use in making SQL scripts or preparing default values
+ for particularly tricky backends (defaults are not user-defined, though,
+ so this is safe).
+ """
+ raise NotImplementedError()
+
# Actions
def create_model(self, model):
View
19 django/db/backends/sqlite3/base.py
@@ -215,25 +215,6 @@ def quote_name(self, name):
return name # Quoting once is enough.
return '"%s"' % name
- def quote_parameter(self, value):
- # Inner import to allow nice failure for backend if not present
- import _sqlite3
- try:
- value = _sqlite3.adapt(value)
- except _sqlite3.ProgrammingError:
- pass
- # Manual emulation of SQLite parameter quoting
- if isinstance(value, type(True)):
- return str(int(value))
- elif isinstance(value, six.integer_types):
- return str(value)
- elif isinstance(value, six.string_types):
- return '"%s"' % six.text_type(value)
- elif value is None:
- return "NULL"
- else:
- raise ValueError("Cannot quote parameter value %r" % value)
-
def no_limit_value(self):
return -1
View
22 django/db/backends/sqlite3/schema.py
@@ -1,3 +1,4 @@
+from django.utils import six
from django.apps.registry import Apps
from django.db.backends.schema import BaseDatabaseSchemaEditor
from django.db.models.fields.related import ManyToManyField
@@ -8,6 +9,25 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
sql_delete_table = "DROP TABLE %(table)s"
sql_create_inline_fk = "REFERENCES %(to_table)s (%(to_column)s)"
+ def quote_value(self, value):
+ # Inner import to allow nice failure for backend if not present
+ import _sqlite3
+ try:
+ value = _sqlite3.adapt(value)
+ except _sqlite3.ProgrammingError:
+ pass
+ # Manual emulation of SQLite parameter quoting
+ if isinstance(value, type(True)):
+ return str(int(value))
+ elif isinstance(value, six.integer_types):
+ return str(value)
+ elif isinstance(value, six.string_types):
+ return '"%s"' % six.text_type(value)
+ elif value is None:
+ return "NULL"
+ else:
+ raise ValueError("Cannot quote parameter value %r" % value)
+
def _remake_table(self, model, create_fields=[], delete_fields=[], alter_fields=[], rename_fields=[], override_uniques=None):
"""
Shortcut to transform a model from old_model into new_model
@@ -31,7 +51,7 @@ def _remake_table(self, model, create_fields=[], delete_fields=[], alter_fields=
body[field.name] = field
# If there's a default, insert it into the copy map
if field.has_default():
- mapping[field.column] = self.connection.ops.quote_parameter(
+ mapping[field.column] = self.quote_value(
field.get_default()
)
# Add in any altered fields

0 comments on commit 42607a9

Please sign in to comment.
Something went wrong with that request. Please try again.