From d8e0e009195b2388fb53012c1f0fa786426dc05f Mon Sep 17 00:00:00 2001 From: "Erlend E. Aasland" Date: Tue, 14 May 2024 12:10:55 -0400 Subject: gh-118928: sqlite3: disallow sequences of params with named placeholders (#118929) Follow-up of gh-101693. The previous DeprecationWarning is replaced with raising sqlite3.ProgrammingError. Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- Doc/whatsnew/3.14.rst | 5 +++++ Lib/test/test_sqlite3/test_dbapi.py | 3 +-- .../next/Library/2024-05-10-22-36-01.gh-issue-118928.IW7Ukv.rst | 2 ++ Modules/_sqlite/cursor.c | 8 ++------ 4 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2024-05-10-22-36-01.gh-issue-118928.IW7Ukv.rst diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst index bcb1098..33a0f3e 100644 --- a/Doc/whatsnew/3.14.rst +++ b/Doc/whatsnew/3.14.rst @@ -142,6 +142,11 @@ sqlite3 * Remove :data:`!version` and :data:`!version_info` from :mod:`sqlite3`. (Contributed by Hugo van Kemenade in :gh:`118924`.) +* Disallow using a sequence of parameters with named placeholders. + This had previously raised a :exc:`DeprecationWarning` since Python 3.12; + it will now raise a :exc:`sqlite3.ProgrammingError`. + (Contributed by Erlend E. Aasland in :gh:`118928` and :gh:`101693`.) + typing ------ diff --git a/Lib/test/test_sqlite3/test_dbapi.py b/Lib/test/test_sqlite3/test_dbapi.py index 1f71b5c..293bacc 100644 --- a/Lib/test/test_sqlite3/test_dbapi.py +++ b/Lib/test/test_sqlite3/test_dbapi.py @@ -878,9 +878,8 @@ class CursorTests(unittest.TestCase): msg = "Binding.*is a named parameter" for query, params in dataset: with self.subTest(query=query, params=params): - with self.assertWarnsRegex(DeprecationWarning, msg) as cm: + with self.assertRaisesRegex(sqlite.ProgrammingError, msg) as cm: self.cu.execute(query, params) - self.assertEqual(cm.filename, __file__) def test_execute_indexed_nameless_params(self): # See gh-117995: "'?1' is considered a named placeholder" diff --git a/Misc/NEWS.d/next/Library/2024-05-10-22-36-01.gh-issue-118928.IW7Ukv.rst b/Misc/NEWS.d/next/Library/2024-05-10-22-36-01.gh-issue-118928.IW7Ukv.rst new file mode 100644 index 0000000..91c95e4 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-05-10-22-36-01.gh-issue-118928.IW7Ukv.rst @@ -0,0 +1,2 @@ +Disallow using a sequence of parameters with named placeholders in +:mod:`sqlite3` queries. Patch by Erlend E. Aasland. diff --git a/Modules/_sqlite/cursor.c b/Modules/_sqlite/cursor.c index 950596e..5d4b77b 100644 --- a/Modules/_sqlite/cursor.c +++ b/Modules/_sqlite/cursor.c @@ -670,15 +670,11 @@ bind_parameters(pysqlite_state *state, pysqlite_Statement *self, for (i = 0; i < num_params; i++) { const char *name = sqlite3_bind_parameter_name(self->st, i+1); if (name != NULL && name[0] != '?') { - int ret = PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + PyErr_Format(state->ProgrammingError, "Binding %d ('%s') is a named parameter, but you " "supplied a sequence which requires nameless (qmark) " - "placeholders. Starting with Python 3.14 an " - "sqlite3.ProgrammingError will be raised.", + "placeholders.", i+1, name); - if (ret < 0) { - return; - } } if (PyTuple_CheckExact(parameters)) { -- cgit v0.12