[Erp5-report] r22223 - in /erp5/trunk/products/ZSQLCatalog: SearchKey/ tests/

nobody at svn.erp5.org nobody at svn.erp5.org
Wed Jul 2 17:56:59 CEST 2008 

Author: jerome
Date: Wed Jul  2 17:56:57 2008
New Revision: 22223

URL: http://svn.erp5.org?rev=22223&view=rev
Log:
using ExactMatch could generate invalid SQL

Modified:
    erp5/trunk/products/ZSQLCatalog/SearchKey/RawKey.py
    erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py

Modified: erp5/trunk/products/ZSQLCatalog/SearchKey/RawKey.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/SearchKey/RawKey.py?rev=22223&r1=22222&r2=22223&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/SearchKey/RawKey.py (original)
+++ erp5/trunk/products/ZSQLCatalog/SearchKey/RawKey.py Wed Jul  2 17:56:57 2008
@@ -39,8 +39,11 @@
 
   def buildSQLExpression(self, key, value, 
                          format=None, mode=None, range_value=None, stat__=None):
+
     if value is not None:
-      where_expression = "%s = '%s'" % (key, value)
+      value = self.quoteSQLString(value, format)
+      key = self.quoteSQLKey(key, format)
+      where_expression = "%s = %s" % (key, value)
     else:
       where_expression = "%s is NULL" % (key)
     return where_expression, []

Modified: erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py?rev=22223&r1=22222&r2=22223&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py (original)
+++ erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py Wed Jul  2 17:56:57 2008
@@ -384,6 +384,13 @@
                    select_expression_list=[]),
                 q.asSQLExpression())
 
+  def testQuotedStringExactMatch(self):
+    q = Query(title='Foo d\'Ba', key='ExactMatch')
+    self.assertEquals(
+              dict(where_expression="title = 'Foo d''Ba'",
+                   select_expression_list=[]),
+                q.asSQLExpression())
+
   def testQuotedStringFullTextKey(self):
     q = Query(title='Foo d\'Ba', type='fulltext')
     self.assertEquals(
@@ -391,6 +398,21 @@
              select_expression_list=["MATCH title AGAINST ('+Foo +d''Ba' IN BOOLEAN MODE)"
                                      " AS title_relevance"]),
           q.asSQLExpression())
+
+  def testQuotedStringListKeywordKey(self):
+    q = Query(title=('Foo d\'Ba',), key='Keyword')
+    self.assertEquals(
+              dict(where_expression="((((title LIKE '%Foo d''Ba%'))))",
+                   select_expression_list=[]),
+                q.asSQLExpression())
+
+  def testQuotedStringListExactMatch(self):
+    q = Query(title=('Foo d\'Ba',), key='ExactMatch')
+    self.assertEquals(
+              dict(where_expression="title = 'Foo d''Ba'",
+                   select_expression_list=[]),
+                q.asSQLExpression())
+
 
   def testQuotedStringDateKey(self):
     q = Query(title='Foo d\'Ba', type='date')

More information about the Erp5-report mailing list