diff options
| author | Alex Gaynor | 2008-10-06 18:33:49 -0400 |
|---|---|---|
| committer | Alex Gaynor | 2008-10-06 18:33:49 -0400 |
| commit | c10e9814d878eb06cba33387f6b5681e47b163fb (patch) | |
| tree | 0e3192b8f3b496fa1a3fa07a51c0f9a3acfd7a50 /debug_toolbar/views.py | |
| parent | 0368d75afbe578951bcded286a3122c5302e3e4d (diff) | |
| parent | a3492e14765e3f898efc26913a8e8c4445a837b4 (diff) | |
| download | django-debug-toolbar-c10e9814d878eb06cba33387f6b5681e47b163fb.tar.bz2 | |
resolved merge conflicts
Diffstat (limited to 'debug_toolbar/views.py')
| -rw-r--r-- | debug_toolbar/views.py | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py index b67a70b..8af879f 100644 --- a/debug_toolbar/views.py +++ b/debug_toolbar/views.py @@ -20,6 +20,37 @@ def debug_media(request, path): root = os.path.join(parent, 'media') return django.views.static.serve(request, path, root) +def sql_select(request): + """ + Returns the output of the SQL SELECT statement. + + Expected GET variables: + sql: urlencoded sql with positional arguments + params: JSON encoded parameter values + time: time for SQL to execute passed in from toolbar just for redisplay + hash: the hash of (secret + sql + params) for tamper checking + """ + from debug_toolbar.panels.sql import reformat_sql + sql = request.GET.get('sql', '') + params = request.GET.get('params', '') + hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() + if hash != request.GET.get('hash', ''): + return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + if sql.lower().startswith('select'): + params = simplejson.loads(params) + cursor = connection.cursor() + cursor.execute(sql, params) + headers = [d[0] for d in cursor.description] + result = cursor.fetchall() + cursor.close() + context = { + 'result': result, + 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), + 'time': request.GET.get('time', 0.0), + 'headers': headers, + } + return render_to_response('debug_toolbar/panels/sql_select.html', context) + def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. @@ -50,3 +81,38 @@ def sql_explain(request): 'headers': headers, } return render_to_response('debug_toolbar/panels/sql_explain.html', context) + +def sql_profile(request): + """ + Returns the output of running the SQL and getting the profiling statistics. + + Expected GET variables: + sql: urlencoded sql with positional arguments + params: JSON encoded parameter values + time: time for SQL to execute passed in from toolbar just for redisplay + hash: the hash of (secret + sql + params) for tamper checking + """ + from debug_toolbar.panels.sql import reformat_sql + sql = request.GET.get('sql', '') + params = request.GET.get('params', '') + hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() + if hash != request.GET.get('hash', ''): + return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + if sql.lower().startswith('select'): + params = simplejson.loads(params) + cursor = connection.cursor() + cursor.execute("SET PROFILING=1") # Enable profiling + cursor.execute(sql, params) # Execute SELECT + cursor.execute("SET PROFILING=0") # Disable profiling + # The Query ID should always be 1 here but I'll subselect to get the last one just in case... + cursor.execute("SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)") + headers = [d[0] for d in cursor.description] + result = cursor.fetchall() + cursor.close() + context = { + 'result': result, + 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), + 'time': request.GET.get('time', 0.0), + 'headers': headers, + } + return render_to_response('debug_toolbar/panels/sql_explain.html', context) |