From 7c8b5b0b6ff47851a25e9995def2c944a79dc9ef Mon Sep 17 00:00:00 2001
From: Florian Apolloner
Date: Fri, 18 Oct 2013 19:48:03 +0200
Subject: Fixed #383 -- Feed the proper SQL to cursor.execute (the one with placeholders).

---
 debug_toolbar/forms.py | 11 ++++++-----
 debug_toolbar/views.py |  6 +++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/debug_toolbar/forms.py b/debug_toolbar/forms.py
index cc05f30..01a4807 100644
--- a/debug_toolbar/forms.py
+++ b/debug_toolbar/forms.py
@@ -17,12 +17,14 @@ class SQLSelectForm(forms.Form):
     """
     Validate params
 
-        sql: urlencoded sql with positional arguments
+        sql: The sql statement with interpolated params
+        raw_sql: The sql statement with placeholders
         params: JSON encoded parameter values
         duration: time for SQL to execute passed in from toolbar just for redisplay
         hash: the hash of (secret + sql + params) for tamper checking
     """
     sql = forms.CharField()
+    raw_sql = forms.CharField()
     params = forms.CharField()
     alias = forms.CharField(required=False, initial='default')
     duration = forms.FloatField()
@@ -39,8 +41,8 @@ class SQLSelectForm(forms.Form):
         for name in self.fields:
             self.fields[name].widget = forms.HiddenInput()
 
-    def clean_sql(self):
-        value = self.cleaned_data['sql']
+    def clean_raw_sql(self):
+        value = self.cleaned_data['raw_sql']
 
         if not value.lower().strip().startswith('select'):
             raise ValidationError("Only 'select' queries are allowed.")
@@ -72,8 +74,7 @@ class SQLSelectForm(forms.Form):
         return hash
 
     def reformat_sql(self):
-        sql, params = self.cleaned_data['sql'], self.cleaned_data['params']
-        return reformat_sql(self.cursor.db.ops.last_executed_query(self.cursor, sql, params))
+        return reformat_sql(self.cleaned_data['sql'])
 
     def make_hash(self, data):
         params = force_text(settings.SECRET_KEY) + data['sql'] + data['params']
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
index 922d4db..53ad3c9 100644
--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
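Review bot: `make_hash` in the last forms.py hunk still hashes `data['sql'] + data['params']`, so the tamper check no longer covers the statement that is actually executed: the three views.py hunks now pass `raw_sql` to `cursor.execute`, and the only constraint left on that text is the `startswith('select')` prefix test in `clean_raw_sql`. The hash should bind the executed statement too, e.g. `params = force_text(settings.SECRET_KEY) + data['raw_sql'] + data['params']` (or both `sql` and `raw_sql`), and the docstring line `hash: the hash of (secret + sql + params) for tamper checking` updated to match. `make_hash` continues past the hunk, the validator that ends at the `return hash` context line is mostly outside it, and the panel code that produces the hash when it renders the form is not in this diff at all, so each of those would need the matching change. Presumably `clean_params` decodes the JSON elsewhere in the class; that method is not visible here.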
@@ -19,7 +19,7 @@ def sql_select(request):
     form = SQLSelectForm(request.POST or None)
 
     if form.is_valid():
-        sql = form.cleaned_data['sql']
+        sql = form.cleaned_data['raw_sql']
         params = form.cleaned_data['params']
         cursor = form.cursor
         cursor.execute(sql, params)
@@ -43,7 +43,7 @@ def sql_explain(request):
     form = SQLSelectForm(request.POST or None)
 
     if form.is_valid():
-        sql = form.cleaned_data['sql']
+        sql = form.cleaned_data['raw_sql']
         params = form.cleaned_data['params']
         cursor = form.cursor
 
@@ -80,7 +80,7 @@ def sql_profile(request):
     form = SQLSelectForm(request.POST or None)
 
     if form.is_valid():
-        sql = form.cleaned_data['sql']
+        sql = form.cleaned_data['raw_sql']
         params = form.cleaned_data['params']
         cursor = form.cursor
         result = None
-- cgit v1.2.3
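Review bot: In all three views.py hunks the value read from `cleaned_data['raw_sql']` is stored in a local named `sql`, which is easy to confuse with the form's `sql` field now that the form carries both and `reformat_sql` in forms.py uses `cleaned_data['sql']` purely for display. Either rename the local to `raw_sql` in `sql_select`, `sql_explain` and `sql_profile`, or add a comment above the assignment such as `# raw_sql keeps the driver placeholders; cleaned_data['sql'] is the interpolated copy used only for display`. Each of the three functions begins and ends outside its hunk.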