
Revision 1919

sql.py: Input validation: Moved section after Database connections because some of its functions require a connection. Added esc_name_by_module() and esc_name_by_engine(), and use esc_name_by_module() in esc_name().


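--- a/sql.py
+++ b/sql.py
@@ -43,20 +43,6 @@
 
 class DbWarning(UserWarning): pass
 
-##### Input validation
-
-def check_name(name):
-    if re.search(r'\W', name) != None: raise NameException('Name "'+name
-        +'" may contain only alphanumeric characters and _')
-
-def esc_name(db, name):
-    module = util.root_module(db.db)
-    if module == 'psycopg2': return name
-        # Don't enclose in quotes because this disables case-insensitivity
-    elif module == 'MySQLdb': quote = '`'
-    else: raise NotImplementedError("Can't escape name for "+module+' database')
-    return quote + name.replace(quote, '') + quote
-
 ##### Database connections
 
 db_engines = {
@@ -199,6 +185,27 @@
 
 connect = DbConn
 
+##### Input validation
+
+def check_name(name):
+    if re.search(r'\W', name) != None: raise NameException('Name "'+name
+        +'" may contain only alphanumeric characters and _')
+
+def esc_name_by_module(module, name, preserve_case=False):
+    if module == 'psycopg2':
+        if preserve_case: quote = '"'
+        # Don't enclose in quotes because this disables case-insensitivity
+        else: return name
+    elif module == 'MySQLdb': quote = '`'
+    else: raise NotImplementedError("Can't escape name for "+module+' database')
+    return quote + name.replace(quote, '') + quote
+
+def esc_name_by_engine(engine, name, **kw_args):
+    return esc_name_by_module(db_engines[engine][0], name, **kw_args)
+
+def esc_name(db, name, **kw_args):
+    return esc_name_by_module(util.root_module(db.db), name, **kw_args)
+
 ##### Querying
 
 def run_raw_query(db, *args, **kw_args):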
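Review bot: In the second hunk, `esc_name_by_module()` still returns `name` unchanged on the psycopg2 path when `preserve_case` is false, so a function named esc_* hands back an unvalidated identifier that callers will presumably place into SQL text. Since `check_name()` is defined just above it, that branch could validate before returning: `else: check_name(name); return name`. Whether callers already run `check_name()` themselves is not visible on this page, so confirm that before relying on it. The quoted branches remove embedded quote characters with `name.replace(quote, '')` instead of doubling them, which keeps the value inside the identifier but silently changes the name, so two different inputs can map to the same identifier. A docstring should state this, e.g. `"""Quote an identifier for the given DB-API module; embedded quote characters are removed, not escaped."""`.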
