[Sqlalchemy-tickets] Issue #2992: Strings not escaped when used as filter arguments (zzzeek/sqlalch
Brought to you by:
zzzeek
Menu
▾
▴
[Sqlalchemy-tickets] Issue #2992: Strings not escaped when used as filter arguments (zzzeek/sqlalchemy)
|
From: malthe <iss...@bi...> - 2014-03-13 08:31:34
|
New issue 2992: Strings not escaped when used as filter arguments https://bitbucket.org/zzzeek/sqlalchemy/issue/2992/strings-not-escaped-when-used-as-filter malthe: The ``filter()`` method accepts string arguments and uses them as raw SQL. This is unexpected, because everywhere else, only strings wrapped in ``text()`` are used as-is. I consider this a bug, because it is a very questionable feature to allow raw SQL implicitly. |
