From 29ce1b381121645589cb18906682fe79b11a69b8 Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Tue, 20 Jun 2017 11:56:17 +0200 Subject: [PATCH] Add column order in SqlTable._insert_query _insert_query gets called with a query and dict of values such as: {'val': 1, 'lucky': False, 'name': 'one'} Via bindValues(), we only assign a placeholder in the query string to a value, so we get a query with bindings like: INSERT INTO Foo values(:lucky,:val,:name) {':name': 'one', ':val': 1, ':lucky': False} So what we're executing is something like: INSERT INTO Foo values(false,1,"one") However, if the column order in the database doesn't happen to be the order we're passing the values in, we get the wrong values in the wrong columns. Instead, we now do: INSERT INTO Foo (lucky, val, name) values(false,1,"one") Which inserts the values in the order we intended. With Python 3.6, this just happened to work before because we always passed the keyword arguments in the table column order, and in 3.6 dicts (and thus **kwargs) happen to be ordered: https://mail.python.org/pipermail/python-dev/2016-September/146327.html --- qutebrowser/misc/sql.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qutebrowser/misc/sql.py b/qutebrowser/misc/sql.py index 717ae3c0f..1f93f8c06 100644 --- a/qutebrowser/misc/sql.py +++ b/qutebrowser/misc/sql.py @@ -187,7 +187,8 @@ class SqlTable(QObject): def _insert_query(self, values, replace): params = ','.join(':{}'.format(key) for key in values) verb = "REPLACE" if replace else "INSERT" - return Query("{} INTO {} values({})".format(verb, self._name, params)) + return Query("{} INTO {} ({}) values({})".format( + verb, self._name, ','.join(values), params)) def insert(self, values, replace=False): """Append a row to the table.