Just like EXPLAIN, adding the output of straight SELECT statements so you can

view the raw SQL output.

4 files changed, 63 insertions, 0 deletions

diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql.html b/debug_toolbar/templates/debug_toolbar/panels/sql.html
index 6a2d077..2abb68f 100644
--- a/debug_toolbar/templates/debug_toolbar/panels/sql.html
+++ b/debug_toolbar/templates/debug_toolbar/panels/sql.html
@@ -13,6 +13,7 @@
 				<td>{{ query.time|floatformat:"4" }}</td>
 				<td>
 				{% if query.params %}
+					<a class="remoteCall" href="/__debug__/sql_select/?sql={{ query.raw_sql|urlencode }}&params={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}&hash={{ query.hash }}">SELECT</a>
 					<a class="remoteCall" href="/__debug__/sql_explain/?sql={{ query.raw_sql|urlencode }}&params={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}&hash={{ query.hash }}">EXPLAIN</a>
 				{% endif %}
 				</td>
diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql_select.html b/debug_toolbar/templates/debug_toolbar/panels/sql_select.html
new file mode 100644
index 0000000..73109ef
--- /dev/null
+++ b/debug_toolbar/templates/debug_toolbar/panels/sql_select.html
@@ -0,0 +1,30 @@
+<a class="back" href="">&laquo;&nbsp;Back</a>
+<h3>SQL Selected</h3>
+<dl>
+	<dt>Executed SQL</dt>
+	<dd><pre>{{ sql|safe }}</pre></dd>
+	<dt>Time</dt>
+	<dd>{{ time }} ms</dd>
+</dl>
+{% if result %}
+<table>
+	<thead>
+		<tr>
+			{% for h in headers %}
+				<th>{{ h|upper }}</th>
+			{% endfor %}
+		</tr>
+	</thead>
+	<tbody>
+		{% for row in result %}
+			<tr class="{% cycle 'odd' 'even' %}">
+				{% for column in row %}
+					<td>{{ column|escape }}</td>
+				{% endfor %}
+			</tr>
+		{% endfor %}
+	</tbody>
+</table>
+{% else %}
+	<p>Empty set</p>
+{% endif %}
diff --git a/debug_toolbar/urls.py b/debug_toolbar/urls.py
index e0e4b7a..437d36b 100644
--- a/debug_toolbar/urls.py
+++ b/debug_toolbar/urls.py
@@ -9,5 +9,6 @@ from django.conf import settings
 
 urlpatterns = patterns('',
     url(r'^__debug__/m/(.*)$', 'debug_toolbar.views.debug_media'),
+    url(r'^__debug__/sql_select/$', 'debug_toolbar.views.sql_select', name='sql_select'),
     url(r'^__debug__/sql_explain/$', 'debug_toolbar.views.sql_explain', name='sql_explain'),
 )
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
index b67a70b..4b666e1 100644
--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
@@ -20,6 +20,37 @@ def debug_media(request, path):
         root = os.path.join(parent, 'media')
     return django.views.static.serve(request, path, root)
 
+def sql_select(request):
+    """
+    Returns the output of the SQL SELECT statement.
+
+    Expected GET variables:
+        sql: urlencoded sql with positional arguments
+        params: JSON encoded parameter values
+        time: time for SQL to execute passed in from toolbar just for redisplay
+        hash: the hash of (secret + sql + params) for tamper checking
+    """
+    from debug_toolbar.panels.sql import reformat_sql
+    sql = request.GET.get('sql', '')
+    params = request.GET.get('params', '')
+    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
+    if hash != request.GET.get('hash', ''):
+        return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert
+    if sql.lower().startswith('select'):
+        params = simplejson.loads(params)
+        cursor = connection.cursor()
+        cursor.execute(sql, params)
+        headers = [d[0] for d in cursor.description]
+        result = cursor.fetchall()
+        cursor.close()
+        context = {
+            'result': result,
+            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
+            'time': request.GET.get('time', 0.0),
+            'headers': headers,
+        }
+        return render_to_response('debug_toolbar/panels/sql_select.html', context)
+
 def sql_explain(request):
     """
     Returns the output of the SQL EXPLAIN on the given query.