diff options
| author | Mike Bayer <mike_mp@zzzcomputing.com> | 2009-05-29 18:56:50 +0000 |
|---|---|---|
| committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2009-05-29 18:56:50 +0000 |
| commit | 5ea1d673151a2a94b41d3131345464dfddaea95b (patch) | |
| tree | b53abfcef3c57dc49d5830759cff087a2c85d496 /test/sql | |
| parent | fe3902771f51dea078bbee986e984c399aae2468 (diff) | |
| download | sqlalchemy-5ea1d673151a2a94b41d3131345464dfddaea95b.tar.gz | |
- sql
- Removed an obscure feature of execute() (including connection,
engine, Session) whereby a bindparam() construct can be sent as
a key to the params dictionary. This usage is undocumented
and is at the core of an issue whereby the bindparam() object
created implicitly by a text() construct may have the same
hash value as a string placed in the params dictionary and
may result in an inappropriate match when computing the final
bind parameters. Internal checks for this condition would
add significant latency to the critical task of parameter
rendering, so the behavior is removed. This is a backwards
incompatible change for any application that may have been
using this feature, however the feature has never been
documented.
Diffstat (limited to 'test/sql')
| -rw-r--r-- | test/sql/query.py | 15 | ||||
| -rw-r--r-- | test/sql/select.py | 16 |
2 files changed, 15 insertions, 16 deletions
diff --git a/test/sql/query.py b/test/sql/query.py index a6c419656..b428d8991 100644 --- a/test/sql/query.py +++ b/test/sql/query.py @@ -307,21 +307,6 @@ class QueryTest(TestBase): r = s.execute(userid='fred').fetchall() assert len(r) == 1 - u = bindparam('userid', unique=True) - s = users.select(and_(users.c.user_name==u, users.c.user_name==u)) - r = s.execute({u:'fred'}).fetchall() - assert len(r) == 1 - - def test_bindparams_in_params(self): - """test that a _BindParamClause itself can be a key in the params dict""" - - users.insert().execute(user_id = 7, user_name = 'jack') - users.insert().execute(user_id = 8, user_name = 'fred') - - u = bindparam('userid') - r = users.select(users.c.user_name==u).execute({u:'fred'}).fetchall() - assert len(r) == 1 - def test_bindparam_shortname(self): """test the 'shortname' field on BindParamClause.""" users.insert().execute(user_id = 7, user_name = 'jack') diff --git a/test/sql/select.py b/test/sql/select.py index 52c382f81..2ec5b8da5 100644 --- a/test/sql/select.py +++ b/test/sql/select.py @@ -1154,7 +1154,21 @@ UNION SELECT mytable.myid FROM mytable" s = select([table1], or_(table1.c.myid==7, table1.c.myid==8, table1.c.myid==bindparam('myid_1'))) self.assertRaisesMessage(exc.CompileError, "conflicts with unique bind parameter of the same name", str, s) - + def test_binds_no_hash_collision(self): + """test that construct_params doesn't corrupt dict due to hash collisions""" + + total_params = 100000 + + in_clause = [':in%d' % i for i in range(total_params)] + params = dict(('in%d' % i, i) for i in range(total_params)) + sql = 'text clause %s' % ', '.join(in_clause) + t = text(sql) + assert len(t.bindparams) == total_params + c = t.compile() + pp = c.construct_params(params) + assert len(set(pp)) == total_params + assert len(set(pp.values())) == total_params + def test_bind_as_col(self): t = table('foo', column('id')) |