restore parameter escaping for public methods

Adjusted the fix made for :ticket:`8056` which adjusted the escaping of bound parameter names with special characters such that the escaped names were translated after the SQL compilation step, which broke a published recipe on the FAQ illustrating how to merge parameter names into the string output of a compiled SQL string. The change restores the escaped names that come from ``compiled.params`` and adds a conditional parameter to :meth:`.SQLCompiler.construct_params` named ``escape_names`` that defaults to ``True``, restoring the old behavior by default. Fixes: #8113 Change-Id: I9cbedb1080bc06d51f287fd2cbf26aaab1c74653
author: Mike Bayer <mike_mp@zzzcomputing.com> 2022-06-08 21:35:02 -0400
committer: Mike Bayer <mike_mp@zzzcomputing.com> 2022-06-09 10:14:13 -0400
commit: ab8b4f25eebfbd2ef5819ff98dd372d5392c4b6b (patch)
tree: 4da3898d55d68333938396ba5f5ba8ed04e73791 /lib/sqlalchemy/sql/compiler.py
parent: d93f952b46c9cca557774d69442a7124c3309a2d (diff)
download: sqlalchemy-ab8b4f25eebfbd2ef5819ff98dd372d5392c4b6b.tar.gz
1 files changed, 24 insertions, 7 deletions
diff --git a/lib/sqlalchemy/sql/compiler.py b/lib/sqlalchemy/sql/compiler.py
index 78c6af38b..8ce0c65e4 100644
--- a/lib/sqlalchemy/sql/compiler.py
+++ b/lib/sqlalchemy/sql/compiler.py
@@ -633,6 +633,7 @@ class Compiled:
         self,
         params: Optional[_CoreSingleExecuteParams] = None,
         extracted_parameters: Optional[Sequence[BindParameter[Any]]] = None,
+        escape_names: bool = True,
     ) -> Optional[_MutableCoreSingleExecuteParams]:
         """Return the bind params for this compiled object.
 
@@ -1176,11 +1177,14 @@ class SQLCompiler(Compiled):
         self,
         params: Optional[_CoreSingleExecuteParams] = None,
         extracted_parameters: Optional[Sequence[BindParameter[Any]]] = None,
+        escape_names: bool = True,
         _group_number: Optional[int] = None,
         _check: bool = True,
     ) -> _MutableCoreSingleExecuteParams:
         """return a dictionary of bind parameter keys and values"""
 
+        has_escaped_names = escape_names and bool(self.escaped_bind_names)
+
         if extracted_parameters:
             # related the bound parameters collected in the original cache key
             # to those collected in the incoming cache key.  They will not have
@@ -1210,10 +1214,16 @@ class SQLCompiler(Compiled):
         if params:
             pd = {}
             for bindparam, name in self.bind_names.items():
+                escaped_name = (
+                    self.escaped_bind_names.get(name, name)
+                    if has_escaped_names
+                    else name
+                )
+
                 if bindparam.key in params:
-                    pd[name] = params[bindparam.key]
+                    pd[escaped_name] = params[bindparam.key]
                 elif name in params:
-                    pd[name] = params[name]
+                    pd[escaped_name] = params[name]
 
                 elif _check and bindparam.required:
                     if _group_number:
@@ -1238,13 +1248,19 @@ class SQLCompiler(Compiled):
                         value_param = bindparam
 
                     if bindparam.callable:
-                        pd[name] = value_param.effective_value
+                        pd[escaped_name] = value_param.effective_value
                     else:
-                        pd[name] = value_param.value
+                        pd[escaped_name] = value_param.value
             return pd
         else:
             pd = {}
             for bindparam, name in self.bind_names.items():
+                escaped_name = (
+                    self.escaped_bind_names.get(name, name)
+                    if has_escaped_names
+                    else name
+                )
+
                 if _check and bindparam.required:
                     if _group_number:
                         raise exc.InvalidRequestError(
@@ -1266,9 +1282,9 @@ class SQLCompiler(Compiled):
                     value_param = bindparam
 
                 if bindparam.callable:
-                    pd[name] = value_param.effective_value
+                    pd[escaped_name] = value_param.effective_value
                 else:
-                    pd[name] = value_param.value
+                    pd[escaped_name] = value_param.value
             return pd
 
     @util.memoized_instancemethod
@@ -1342,7 +1358,7 @@ class SQLCompiler(Compiled):
         """
 
         if parameters is None:
-            parameters = self.construct_params()
+            parameters = self.construct_params(escape_names=False)
 
         expanded_parameters = {}
         positiontup: Optional[List[str]]
@@ -4895,6 +4911,7 @@ class DDLCompiler(Compiled):
         self,
         params: Optional[_CoreSingleExecuteParams] = None,
         extracted_parameters: Optional[Sequence[BindParameter[Any]]] = None,
+        escape_names: bool = True,
     ) -> Optional[_MutableCoreSingleExecuteParams]:
         return None
author	Mike Bayer <mike_mp@zzzcomputing.com>	2022-06-08 21:35:02 -0400
committer	Mike Bayer <mike_mp@zzzcomputing.com>	2022-06-09 10:14:13 -0400
commit	ab8b4f25eebfbd2ef5819ff98dd372d5392c4b6b (patch)
tree	4da3898d55d68333938396ba5f5ba8ed04e73791 /lib/sqlalchemy/sql/compiler.py
parent	d93f952b46c9cca557774d69442a7124c3309a2d (diff)
download	sqlalchemy-ab8b4f25eebfbd2ef5819ff98dd372d5392c4b6b.tar.gz