Autoescaping startswith

Issue #2694 resolved
Marcin Kasperski created an issue

Current implementation of .startswith filter does not escape _ and % characters, so they match any character/any character sequence. This is rather unexpected (at least the fact that .startswith("a_b") finds "a/b" was fairly surprising for me) and requires users to manually escape parameters. See http://pastebin.com/qsCjybMz for short script which illustrates current behaviour.

It would be nice to have .startswith which automatically escapes parameter. As in #1169 I was warned that current default must be kept, and introducing new name is not very aesthetic, I would suggest new parameter, for example

    .startswith("a_b", autoescape=True)

(SQLAlchemy escapes string using whatever character is best and safest for given db backend) and

    .startswith("a_b", autoescape='#')

(SQLAlchemy uses given escape character)

Note: I am not sure whether/what should be done in case we .startswith(dbcolumn)

Note 2: startswith docs could really mention (current) escape param, (current) % and _ active behaviour and (implemented here) new param.
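
The behaviour reported above, next to the escaping the proposed autoescape parameter would perform, as an added example (not the pastebin script and not SQLAlchemy's own code). It uses the standard-library sqlite3 module; `escape_like`, `prefix_matches`, `make_demo_db`, the `files` table and its rows are all constructed for illustration.

```python
import sqlite3


def escape_like(value, escape="/"):
    """Neutralise LIKE wildcards in a literal prefix (hypothetical helper).

    The escape character itself is doubled first, otherwise an escape
    character already present in the value would change the pattern.
    """
    if len(escape) != 1:
        raise ValueError("escape must be a single character")
    return (value.replace(escape, escape + escape)
                 .replace("%", escape + "%")
                 .replace("_", escape + "_"))


def prefix_matches(conn, prefix, autoescape=False, escape="/"):
    """Return names starting with prefix, with or without wildcard escaping."""
    if autoescape:
        # Escaped form: % and _ in the prefix are matched literally.
        sql = ("SELECT name FROM files "
               "WHERE name LIKE (? || '%') ESCAPE ? ORDER BY name")
        params = (escape_like(prefix, escape), escape)
    else:
        # Unescaped form described in the issue: _ and % stay active.
        sql = "SELECT name FROM files WHERE name LIKE (? || '%') ORDER BY name"
        params = (prefix,)
    return [row[0] for row in conn.execute(sql, params)]


def make_demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (name TEXT)")
    rows = ["a_b.txt", "a/b.txt", "axb.txt", "a%b.txt", "ab.txt"]
    conn.executemany("INSERT INTO files VALUES (?)", [(r,) for r in rows])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print("unescaped a_b:", prefix_matches(db, "a_b"))
    print("escaped   a_b:", prefix_matches(db, "a_b", autoescape=True))
    print("escaped   a/b:", prefix_matches(db, "a/b", autoescape=True))
    print("escaped   a_b with '#':",
          prefix_matches(db, "a_b", autoescape=True, escape="#"))
```

When the prefix comes from user input, the unescaped form lets a single `%` widen the match to every row, which is why the escaping belongs in the query-building layer rather than with each caller.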

Comments (10)

  1. Marcin Kasperski reporter

    (added benefit of introducing behaviour as new param not new function: the whole problem would be more likely to be noticed by .startswith users)

  2. Mike Bayer repo owner
    • assigned issue to
    • changed component to sql
    • changed milestone to 0.8.xx

    yeah definitely kw argument and i think if the given expression is not a string it has to raise NotImplementedError().

  3. Mike Bayer repo owner

    this might be in good shape to go in for 1.2, gerrit looks good + lots of great new docstrings
