-
Notifications
You must be signed in to change notification settings - Fork 318
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversions turns list into 'pseudo-tuple' #10
Comments
Ok, having thought about this, I assume the intent is to take a single list as a parameter and have it by processed by Python's internal formatting. I'm guessing this is something that will be changed in moist. |
To clarify my somewhat opaque earlier remark now that I understand this more (and this is referenced elsewhere): MySQLdb's db.literal function is strangely overloaded so that it tries to deal with both the initial list/dict argument in the execute (i.e. all the parameters) and the content inside the parameters. That is, list/dict conversions are intended to process the parameters, whereas all other converters do the actual escaping for MySQL. This has the unfortunate effect that it 'almost' supports lists/tuples for escaping (but not quite). I assume the almost support is a bug - it should just fail - so I'll reopen this, since I think people need to know. Though I understand fixing would require significant reworking. PS This is why people get the db to parameterise, folks... |
Just saw #36 . Excellent! |
MySQLdb1 currently has a bug that produces incorrect SQL when dealing with one item sequences, closed as wontfix. This bug is reported in: farcepest/MySQLdb1#10 Added a converter function that deals with one item sequences.
In converters.py, there are rules to take ListTypes and TupleTypes to MySQL literals (which are used when you pass a list as a parameter).
Unfortunately, the code that does this (escape_sequence) uses a Python tuple to produce the string for MySQL insertion, which is a bad idea when you have a single element list (producing things like ('1',) - i.e. invalid SQL). I'm worried that I'm not understanding the intent of this code properly, though, since the action for a DictType appears to be completely insane (at least in the cursor.execute context). Should I only be using 'sets' (where the appropriate join is run)?
Currently I'm working around this as follows:
But it would be nicer if escape_sequence was fixed in the C code.
The text was updated successfully, but these errors were encountered: