Changeset 743 for trunk/pg.py


Timestamp:
Jan 14, 2016, 12:32:01 PM (4 years ago)
Author:
cito
Message:

Test error messages and security of the get() method

The get() method should be immune against SQL hacking with apostrophes in
values, and give a proper and helpful error message if a row is not found.

File:
1 edited

  • trunk/pg.py

    r740 r743  
    370370        params.append(value)
    371371        return '$%d' % len(params)
     372
     373    def _list_params(self, params):
     374        """Create a human readable parameter list."""
     375        return ', '.join('$%d=%r' % (n, v) for n, v in enumerate(params, 1))
    372376
    373377    @staticmethod
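
Review bot: The new _list_params() at 373-375 renders every bound value with %r and applies no length limit or redaction, so whatever a caller passes as a parameter (credentials, tokens, personal data, large binary values) is copied verbatim into any message built from it. Consider truncating each repr to a fixed width, and extend the docstring to say that the result is meant for error messages and will expose parameter values to whoever can read them.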
     
    661665        res = q.dictresult()
    662666        if not res:
    663             raise _db_error('No such record in %s where %s' % (table, where))
     667            raise _db_error('No such record in %s\nwhere %s\nwith %s' % (
     668                table, where, self._list_params(params)))
    664669        for n, value in res[0].items():
    665670            if n == 'oid':
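
Review bot: The message raised at 667-668 now contains literal "\n" separators and the bound values from self._list_params(params), which changes it in two ways that callers will notice. Code or tests that match the old single-line text 'No such record in %s where %s' will stop matching, and handlers that write str(exception) to a line-oriented log will emit three lines per failure. Since the values now travel with the exception, it is also worth noting in the get() documentation that this error text should not be shown unfiltered to end users; a single-line form such as 'No such record in %s where %s with %s' would keep log output intact.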