Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-14 Thread Christophe Pettus
On Mar 12, 2011, at 12:56 PM, Jacob Kaplan-Moss wrote: > Christophe, can you write a patch including a new warning to put in the docs? All set: http://code.djangoproject.com/ticket/14733 -- -- Christophe Pettus x...@thebuild.com -- You received this message because you are subscribed to

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-13 Thread Nick Phillips
On Fri, 2011-03-11 at 23:20 -0500, Jacob Kaplan-Moss wrote: > Hi Christophe -- > > Interesting; I didn't know about these constructs. > > I'm not opposed to this change, but I am a bit concerned about opening > up the ability to use raw() for stuff like UPDATE/DELETE where it'd be > a nasty code

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-12 Thread Jacob Kaplan-Moss
OK, I'm sold - let's just kill the "protection". Christophe, can you write a patch including a new warning to put in the docs? Thanks, Jacob -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-12 Thread Christophe Pettus
On Mar 11, 2011, at 8:20 PM, Jacob Kaplan-Moss wrote: > I'd be interested in your thoughts on that: is > there a way we can prevent folks from shooting themselves in the foot > this way, or do you think trying itself is futile? There's no practical way of doing it without doing some kind of

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-11 Thread Russell Keith-Magee
On Sat, Mar 12, 2011 at 12:20 PM, Jacob Kaplan-Moss wrote: > Hi Christophe -- > > Interesting; I didn't know about these constructs. > > I'm not opposed to this change, but I am a bit concerned about opening > up the ability to use raw() for stuff like UPDATE/DELETE where it'd

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-11 Thread Jacob Kaplan-Moss
Hi Christophe -- Interesting; I didn't know about these constructs. I'm not opposed to this change, but I am a bit concerned about opening up the ability to use raw() for stuff like UPDATE/DELETE where it'd be a nasty code smell. I'd be interested in your thoughts on that: is there a way we can

Re: #14733: A vote in favor of no validation of .raw() queries

2011-03-09 Thread Dan Watson
On Wednesday, March 9, 2011 4:15:43 PM UTC-5, Xof wrote: > > Hi, > > I'd like to offer a vote in favor of accepting the original patch to > #14733, which removes the validation of the query done in a .raw() operation > on a QuerySet. > > The current situation is that Django requires that any

#14733: A vote in favor of no validation of .raw() queries

2011-03-09 Thread Christophe Pettus
Hi, I'd like to offer a vote in favor of accepting the original patch to #14733, which removes the validation of the query done in a .raw() operation on a QuerySet. The current situation is that Django requires that any query passed in begin with the literal string "SELECT", under the theory