On Thu Jun 05 2008, Christopher Lenz <cmlenz-AT-gmx.de> wrote:

> On 05.06.2008, at 16:15, David Abrahams wrote:
>>  Exception: invalid sql:
>>  sql='SELECT name FROM tracforge_projects WHERE env_path=%s'
>>  escaped sql='SELECT name FROM tracforge_projects WHERE env_path=%s'
>>  args=('/usr/local/share/trac/projects/master',)
>>
>> So, there are a number of issues here.  The code is apparently trying to
>> execute:
>>
>>  SELECT name FROM tracforge_projects WHERE env_path=/usr/local/share/trac/projects/master
>
> No, the database or the database connector (psyco or whatever) is  
> responsible for somehow applying the args to the SQL statement. 

I'm sorry, even if that's true, I don't understand how it is in conflict
with my statement above... so let me ask some stupid questions to try to
get a clearer picture of what you mean.

1. Are you saying that the code above is not trying to execute something
   like:

        SELECT name FROM tracforge_projects WHERE env_path=/usr/local/share/trac/projects/master

   or are you disagreeing with something else I'm saying?

2. Are you saying that the database connector is responsible for making
   the actual executed SQL make sense to the database no matter what you
   pass to it?  I don't see anything in
   http://www.python.org/dev/peps/pep-0249/ that makes it very clear
   what to expect, but maybe I'm not reading carefully enough.

> Either by creating a prepared statement and binding the values to it,
> or by string interpolation using whatever is needed to quote/escape
> the values.
>
> The way TracForge uses the DB API is absolutely correct AFAICT. 

Maybe so, but it's not clear to me what "correct" means here, because I
don't know where the expectations of the API are documented, nor do I
know whether you consider Trac to be correct even if it fails to work
around some quirk of the connector and/or the underlying database that
Trac claims to support.  

Just to be painstakingly clear, the specific error in this case, at the
DB level, is that the env_path value doesn't get quoted by the time
PostgreSQL sees it, and '/' is not interpreted as a legal unquoted
string character.  Are you saying that psycopg2 should be seeing that %s
appears in the format string and adding quotes as necessary to represent
the argument as a legal string?

> Do you have any modifications to trac.db.util that might be doing the
> wrong thing here?

My only mods to that file are:

  --- db/util.py  (revision 7178)
  +++ db/util.py  (working copy)
  @@ -47,7 +47,11 @@
           # print 'execute', repr(sql)
           if args:
               # print repr(args)
  -            return self.cursor.execute(sql_escape_percent(sql), args)
  +            try:
  +                return self.cursor.execute(sql_escape_percent(sql), args)
  +            except:
  +                raise Exception, 'invalid sql:\n'+repr(sql) + '\n' + \
  +                  repr(sql_escape_percent(sql)) + '\n' + repr(args)
           return self.cursor.execute(sql)

       def executemany(self, sql, args=None):
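
Review bot: the bare `except:` in the new try block discards the driver's own exception (and also catches KeyboardInterrupt and SystemExit), so the raised Exception carries the SQL and args but not the database's error type or message, which is the part needed to diagnose the failure. Catch `Exception, e` instead and append `str(e)` to the message, or log the details and re-raise the original. Because `repr(args)` puts bound parameter values into the exception text, this message should not reach end users or shared logs.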


I don't think that can cause a problem.

-- 
Dave Abrahams
BoostPro Computing
http://www.boostpro.com
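
The two behaviours discussed in this message, as an added example that is not part of the original e-mail or of Trac/TracForge code: the statement and argument from the error report are run once with Python string interpolation and once with the arguments handed to the driver for binding. It uses the standard-library sqlite3 module as a stand-in for PostgreSQL/psycopg2; the table rows, the helper names and the %s-to-? rewrite are assumptions made for illustration.

```python
import sqlite3

# Statement and argument copied from the error report in the thread.
SQL = "SELECT name FROM tracforge_projects WHERE env_path=%s"
ENV_PATH = "/usr/local/share/trac/projects/master"
QUOTED_PATH = "/srv/trac/o'brien"  # constructed value containing a quote


def make_db():
    """In-memory stand-in for tracforge_projects (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracforge_projects (name TEXT, env_path TEXT)")
    db.executemany("INSERT INTO tracforge_projects VALUES (?, ?)",
                   [("master", ENV_PATH), ("quoted", QUOTED_PATH)])
    return db


def run_interpolated(db, sql, args):
    """Build the statement with Python's % operator.

    The value is pasted in unquoted, so the database has to parse the
    path as SQL text and rejects it.
    """
    try:
        return db.execute(sql % args).fetchall()
    except sqlite3.OperationalError as exc:
        return "rejected: %s" % exc


def run_bound(db, sql, args):
    """Hand the args to the driver separately so it binds them as data.

    sqlite3 uses the 'qmark' paramstyle, so the %s markers are rewritten
    to ? here (a simplification: assumes no literal % in the statement).
    """
    return db.execute(sql.replace("%s", "?"), args).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(run_interpolated(db, SQL, (ENV_PATH,)))   # syntax error text
    print(run_bound(db, SQL, (ENV_PATH,)))          # matching row
    print(run_bound(db, SQL, (QUOTED_PATH,)))       # quote needs no escaping
```
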

