Project

General

Profile

« Previous | Next » 

Revision 2327

sql.py: mk_insert_select(): Fixed bug where function name and returning col were not being escaped

View differences:

lib/sql.py
509 509
    if cols == []: cols = None # no cols (all defaults) = unknown col names
510 510
    if cols != None: cols = [sql_gen.as_Col(v).to_str(db) for v in cols]
511 511
    if select_query == None: select_query = 'DEFAULT VALUES'
512
    if returning != None: returning = sql_gen.as_Col(returning, table)
512 513
    
513 514
    # Build query
514 515
    query = 'INSERT INTO '+table
......
516 517
    query += ' '+select_query
517 518
    
518 519
    if returning != None:
519
        query += ' RETURNING '+sql_gen.as_Col(returning).to_str(db)
520
        returning_name = copy.copy(returning)
521
        returning_name.table = None
522
        returning_name = returning_name.to_str(db)
523
        query += ' RETURNING '+returning_name
520 524
    
521 525
    if embeddable:
526
        assert returning != None
527
        
522 528
        # Create function
523 529
        function_name = '_'.join(map(clean_name, ['insert', table] + cols))
524
        return_type = 'SETOF '+table+'.'+returning+'%TYPE'
530
        return_type = 'SETOF '+returning.to_str(db)+'%TYPE'
525 531
        while True:
526 532
            try:
527
                function = function_name
528
                if not db.debug: function = 'pg_temp.'+function
533
                func_schema = None
534
                if not db.debug: func_schema = 'pg_temp'
535
                function = sql_gen.Table(function_name, func_schema).to_str(db)
529 536
                
530 537
                function_query = '''\
531 538
CREATE FUNCTION '''+function+'''() RETURNS '''+return_type+'''
......
538 545
                function_name = next_version(function_name)
539 546
                # try again with next version of name
540 547
        
541
        # Return query that uses function
542
        return mk_select(db, sql_gen.CustomCode(function+'() AS f ('+returning
543
            +')'), start=0, order_by=None) # AS clause requires function alias
548
        # Return query that uses function; AS clause requires function alias
549
        return mk_select(db, sql_gen.CustomCode(function+'() AS f ('
550
            +returning_name+')'), start=0, order_by=None)
544 551
    
545 552
    return (query, params)
546 553

  

Also available in: Unified diff