Skip to content

django: implement SchemaEditor.quote_value() #227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
timgraham opened this issue Dec 23, 2019 · 3 comments · Fixed by #445
Closed

django: implement SchemaEditor.quote_value() #227

timgraham opened this issue Dec 23, 2019 · 3 comments · Fixed by #445
Assignees
@odeke-em
Labels
api: spanner Issues related to the googleapis/python-spanner-django API. priority: p2 Moderately-important priority. Fix may not be included in next release.

Comments

@timgraham
Copy link
Contributor

For example:

======================================================================
ERROR: test_extra_args (schema.test_logging.SchemaLoggerTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/tim/code/django/tests/schema/test_logging.py", line 12, in test_extra_args
    editor.execute(sql, params)
  File "/home/tim/code/django/django/db/backends/base/schema.py", line 132, in execute
    self.collected_sql.append((sql % tuple(map(self.quote_value, params))) + ending)
  File "/home/tim/code/django/django/db/backends/base/schema.py", line 243, in quote_value
    raise NotImplementedError()
NotImplementedError
@timgraham
Copy link
Contributor Author

The docstring of this method says, "Return a quoted version of the value so it's safe to use in an SQL string. This is not safe against injection from user code; it is intended only for use in making SQL scripts or preparing default values for particularly tricky backends (defaults are not user-defined, though, so this is safe)."

Some implementations on other databases:

SQLite: sqlite3.adapt()
MySQL: self.connection.connection.escape(value, self.connection.connection.encoders)
PostgreSQL: psycopg2.extensions.adapt(value).getquoted().decode()

@odeke-em, do you know if Spanner's Python libraries provides anything similar? If not, we could consider an implementation in Python similar to what the Oracle backend does.

timgraham added a commit that referenced this issue Mar 6, 2020
@timgraham
django: add SchemaEditor.quote_value() stub
4fa8dcb 
refs #227
odeke-em pushed a commit that referenced this issue Mar 7, 2020
@timgraham @odeke-em
django: add SchemaEditor.quote_value() stub
61c31b3 
refs #227
@odeke-em
Copy link
Contributor

odeke-em commented Mar 8, 2020

Unfortunately, I don't think that the Python client libraries support quoting values, we might have to add that function ourselves. Looking at the Cloud Spanner advisory on string and byte literals, they have a section on quoting https://cloud.google.com/spanner/docs/lexical#string-and-bytes-literals

@timgraham
Copy link
Contributor Author

It looks like the usage of quote_value() is limited to conditional indexes and constraints which Spanner doesn't support, so I don't think this is high priority.

django/db/models/indexes.py:        return sql % tuple(schema_editor.quote_value(p) for p in params)
django/db/models/constraints.py:        return sql % tuple(schema_editor.quote_value(p) for p in params)

@yoshi-automation yoshi-automation added 🚨 This issue needs some love. triage me I really want to be triaged. labels Apr 7, 2020
@JustinBeckwith JustinBeckwith added the api: spanner Issues related to the googleapis/python-spanner-django API. label Apr 8, 2020
@odeke-em odeke-em added priority: p2 Moderately-important priority. Fix may not be included in next release. and removed 🚨 This issue needs some love. triage me I really want to be triaged. labels Apr 16, 2020
timgraham added a commit to timgraham/python-spanner-django that referenced this issue Apr 29, 2020
@timgraham
django: remove SchemaEditor.quote_value() TODO
cc3a30a 
fixes googleapis#227
@timgraham timgraham mentioned this issue Apr 29, 2020
Merged
odeke-em added a commit that referenced this issue Apr 29, 2020
@timgraham @odeke-em
django: remove SchemaEditor.quote_value() TODO (#445)
f68d7ef 
fixes #227

Co-authored-by: Emmanuel T Odeke <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@odeke-em odeke-em

Labels
api: spanner Issues related to the googleapis/python-spanner-django API. priority: p2 Moderately-important priority. Fix may not be included in next release.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

django: remove SchemaEditor.quote_value() TODO timgraham/python-spanner-django
4 participants
@timgraham @JustinBeckwith @odeke-em @yoshi-automation