diff options
| author | Mike Bayer <mike_mp@zzzcomputing.com> | 2020-10-17 11:39:56 -0400 |
|---|---|---|
| committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2020-10-17 13:15:57 -0400 |
| commit | 296c84313ab29bf9599634f38caaf7dd092e4e23 (patch) | |
| tree | c354411cbb809544a9d471afbf35571e61886ded /lib/sqlalchemy/engine/default.py | |
| parent | 3179f70408cb91c7586fc2021959efb5b2fe9f0e (diff) | |
| download | sqlalchemy-296c84313ab29bf9599634f38caaf7dd092e4e23.tar.gz | |
Ensure escaping of percent signs in columns, parameters
Improved support for column names that contain percent signs in the string,
including repaired issues involving anoymous labels that also embedded a
column name with a percent sign in it, as well as re-established support
for bound parameter names with percent signs embedded on the psycopg2
dialect, using a late-escaping process similar to that used by the
cx_Oracle dialect.
* Added new constructor for _anonymous_label() that ensures incoming
string tokens based on column or table names will have percent
signs escaped; abstracts away the format of the label.
* generalized cx_Oracle's quoted_bind_names facility into the compiler
itself, and leveraged this for the psycopg2 dialect's issue with
percent signs in names as well. the parameter substitution is now
integrated with compiler.construct_parameters() as well as the
recently reworked set_input_sizes(), reducing verbosity in the
cx_Oracle dialect.
Fixes: #5653
Change-Id: Ia2ad13ea68b4b0558d410026e5a33f5cb3fbab2c
Diffstat (limited to 'lib/sqlalchemy/engine/default.py')
| -rw-r--r-- | lib/sqlalchemy/engine/default.py | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/lib/sqlalchemy/engine/default.py b/lib/sqlalchemy/engine/default.py index d63cb4add..7f92271e9 100644 --- a/lib/sqlalchemy/engine/default.py +++ b/lib/sqlalchemy/engine/default.py @@ -1507,6 +1507,10 @@ class DefaultExecutionContext(interfaces.ExecutionContext): inputsizes, self.cursor, self.statement, self.parameters, self ) + has_escaped_names = bool(self.compiled.escaped_bind_names) + if has_escaped_names: + escaped_bind_names = self.compiled.escaped_bind_names + if self.dialect.positional: items = [ (key, self.compiled.binds[key]) @@ -1529,7 +1533,11 @@ class DefaultExecutionContext(interfaces.ExecutionContext): dbtypes = inputsizes[bindparam] generic_inputsizes.extend( ( - paramname, + ( + escaped_bind_names.get(paramname, paramname) + if has_escaped_names + else paramname + ), dbtypes[idx % num], bindparam.type.types[idx % num], ) @@ -1540,12 +1548,29 @@ class DefaultExecutionContext(interfaces.ExecutionContext): else: dbtype = inputsizes.get(bindparam, None) generic_inputsizes.extend( - (paramname, dbtype, bindparam.type) + ( + ( + escaped_bind_names.get(paramname, paramname) + if has_escaped_names + else paramname + ), + dbtype, + bindparam.type, + ) for paramname in self._expanded_parameters[key] ) else: dbtype = inputsizes.get(bindparam, None) - generic_inputsizes.append((key, dbtype, bindparam.type)) + + escaped_name = ( + escaped_bind_names.get(key, key) + if has_escaped_names + else key + ) + + generic_inputsizes.append( + (escaped_name, dbtype, bindparam.type) + ) try: self.dialect.do_set_input_sizes( self.cursor, generic_inputsizes, self |