From 7c8b5b0b6ff47851a25e9995def2c944a79dc9ef Mon Sep 17 00:00:00 2001
From: Florian Apolloner
Date: Fri, 18 Oct 2013 19:48:03 +0200
Subject: Fixed #383 -- Feed the proper SQL to cursor.execute (the one with placeholders).
---
 debug_toolbar/forms.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'debug_toolbar/forms.py')
diff --git a/debug_toolbar/forms.py b/debug_toolbar/forms.py
index cc05f30..01a4807 100644
--- a/debug_toolbar/forms.py
+++ b/debug_toolbar/forms.py
@@ -17,12 +17,14 @@ class SQLSelectForm(forms.Form):
 """
 Validate params
 
- sql: urlencoded sql with positional arguments
+ sql: The sql statement with interpolated params
+ raw_sql: The sql statement with placeholders
 params: JSON encoded parameter values
 duration: time for SQL to execute passed in from toolbar just for redisplay
 hash: the hash of (secret + sql + params) for tamper checking
 """
 sql = forms.CharField()
+ raw_sql = forms.CharField()
 params = forms.CharField()
 alias = forms.CharField(required=False, initial='default')
 duration = forms.FloatField()
@@ -39,8 +41,8 @@ class SQLSelectForm(forms.Form):
 for name in self.fields:
 self.fields[name].widget = forms.HiddenInput()
 
- def clean_sql(self):
- value = self.cleaned_data['sql']
+ def clean_raw_sql(self):
+ value = self.cleaned_data['raw_sql']
 
 if not value.lower().strip().startswith('select'):
 raise ValidationError("Only 'select' queries are allowed.")
@@ -72,8 +74,7 @@ class SQLSelectForm(forms.Form):
 return hash
 
 def reformat_sql(self):
- sql, params = self.cleaned_data['sql'], self.cleaned_data['params']
- return reformat_sql(self.cursor.db.ops.last_executed_query(self.cursor, sql, params))
+ return reformat_sql(self.cleaned_data['sql'])
 
 def make_hash(self, data):
 params = force_text(settings.SECRET_KEY) + data['sql'] + data['params']
--
cgit v1.2.3
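Review bot: The new `raw_sql` field is not covered by the tamper hash: `make_hash` (context line in the third hunk) still builds its input from `SECRET_KEY + data['sql'] + data['params']`, and the docstring in this hunk still describes the hash as (secret + sql + params). Per the commit subject, `raw_sql` is now the string passed to `cursor.execute`, so the statement that is executed is a client-supplied field the hash does not bind, while the signed `sql` is only redisplayed by `reformat_sql`. Include it in the hashed material, e.g. `params = force_text(settings.SECRET_KEY) + data['sql'] + data['raw_sql'] + data['params']`, and update the docstring line to `hash: the hash of (secret + sql + raw_sql + params) for tamper checking`. The rest of `make_hash` and the view that executes the query are outside this diff, so confirm there that no other check ties `raw_sql` to the recorded query.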
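Review bot: `clean_raw_sql` in the second hunk only tests that the statement starts with `select`, which constrains the first keyword and nothing after it, and it is now the only validation visible on the string that gets executed. A comment above the check should say so, to stop it being read as the safety boundary: `# Prefix check only; the rest of the statement is not validated. Integrity of raw_sql depends on the signed hash.` The `sql` field no longer has a `clean_` method of its own, which looks acceptable only while it is used purely for display. The end of `clean_raw_sql` lies outside the hunk.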