t-sql 2.2.0__tar.gz → 2.2.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {t_sql-2.2.0 → t_sql-2.2.1}/PKG-INFO +1 -1
- {t_sql-2.2.0 → t_sql-2.2.1}/pyproject.toml +1 -1
- t_sql-2.2.0/RELEASE_NOTES.md +0 -41
- {t_sql-2.2.0 → t_sql-2.2.1}/.dockerignore +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/.github/workflows/publish.yml +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/.github/workflows/test.yml +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/.gitignore +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/Dockerfile +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/LICENSE +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/README.md +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/compose.yaml +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/context7.json +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/pytest.ini +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_alembic_integration.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_asyncpg_integration.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_different_object_types.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_escaped.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_escaped_binary_hex.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_helper_functions.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_injection_edge_cases.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_injection_protection_validation.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_injections_for_escaped.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_mysql_integration.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_parameter_names.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_query_builder.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_sqlalchemy_integration.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_sqlite_integration.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_styles.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tests/test_tsql.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tsql/__init__.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tsql/query_builder.py +0 -0
- {t_sql-2.2.0 → t_sql-2.2.1}/tsql/styles.py +0 -0
t_sql-2.2.0/RELEASE_NOTES.md
DELETED
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
# Release Notes
|
|
2
|
-
|
|
3
|
-
## Version 2.2.0 (2025-01-XX)
|
|
4
|
-
|
|
5
|
-
### Fixed
|
|
6
|
-
|
|
7
|
-
**Parameter Name Sanitization for NAMED/PYFORMAT Styles**
|
|
8
|
-
|
|
9
|
-
Fixed a bug where complex Python expressions in t-strings would generate syntactically invalid SQL parameter names when using NAMED (`:name`) or PYFORMAT (`%(name)s`) parameter styles.
|
|
10
|
-
|
|
11
|
-
**Problem:**
|
|
12
|
-
- Complex expressions like `{data['key']}`, `{obj.attr}`, or `{func()}` would generate invalid SQL: `:data['key']`, `:obj.attr`, `:func()`
|
|
13
|
-
- These invalid parameter names caused database errors with SQLite, PostgreSQL, and other databases that use named parameters
|
|
14
|
-
- Example: `{a + b}` would generate `:a + b`, which databases would misinterpret as column references
|
|
15
|
-
|
|
16
|
-
**Solution:**
|
|
17
|
-
- Parameter names are now sanitized to valid SQL identifiers by replacing invalid characters with underscores
|
|
18
|
-
- Simple variable names are preserved for readability: `{user_input}` → `:user_input`
|
|
19
|
-
- Complex expressions are sanitized: `{data['key']}` → `:data__key__`, `{obj.name}` → `:obj_name`
|
|
20
|
-
- Collision detection ensures unique parameter names even with edge cases
|
|
21
|
-
|
|
22
|
-
**Breaking Change:**
|
|
23
|
-
- NAMED and PYFORMAT styles now correctly return `dict` parameters instead of `list`
|
|
24
|
-
- This aligns with SQL database driver expectations (SQLite, asyncpg, etc.)
|
|
25
|
-
- If you were manually handling parameters as lists, update to use dicts:
|
|
26
|
-
```python
|
|
27
|
-
# Before (incorrect):
|
|
28
|
-
sql, params = render(query, style=NAMED)
|
|
29
|
-
# params was ['value1', 'value2'] # Wrong!
|
|
30
|
-
|
|
31
|
-
# After (correct):
|
|
32
|
-
sql, params = render(query, style=NAMED)
|
|
33
|
-
# params is {'param1': 'value1', 'param2': 'value2'}
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
**Impact:**
|
|
37
|
-
- Queries using NAMED/PYFORMAT styles with complex expressions now work correctly
|
|
38
|
-
- All 247 existing tests continue to pass
|
|
39
|
-
- Added 10 new tests covering parameter name edge cases
|
|
40
|
-
|
|
41
|
-
This fix ensures t-sql generates valid SQL across all parameter styles and database drivers.
|
|
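Review bot: Deleting RELEASE_NOTES.md outright (all 41 lines, `@@ -1,41 +0,0 @@`) removes from the 2.2.1 archive the only description of the 2.2.0 breaking change, that NAMED and PYFORMAT styles "now correctly return `dict` parameters instead of `list`" (deleted lines 23-25). The file list shows README.md at +0 -0, so the text was not moved there, and the only other changes listed are one-line edits to PKG-INFO and pyproject.toml. If the aim is to keep this file out of the sdist, consider excluding it in the build configuration or folding the notes into a changelog that ships, with a 2.2.1 entry stating what changed. The deleted heading still carried the placeholder date `2025-01-XX` (line 3), which should be filled in wherever the notes end up. The sanitization rule on deleted lines 17-20 (invalid characters replaced with underscores, e.g. `{obj.name}` → `:obj_name`) lets distinct expressions map to the same parameter name, so the collision-detection statement on line 20 is the part most worth keeping documented for users of the dict-style parameters.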
File without changes