BUG#23342572: Allow dictionaries as parameters in prepared statements

nmariz · nmariz · commit ab27bcbc1e5c · 2022-11-03T14:27:26.000Z
This patch enables the usage of dictionaries as parameters in prepared
statements, using the '%(param)s' format as placeholders.

Thank you for the contribution.

Change-Id: Ia401ede4fd0cccc7091db3ae7e31a0d33ed9b992
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -28,6 +28,7 @@ v8.0.32
 - BUG#28020811: Fix multiple reference leaks in the C extension
 - BUG#27426532: Reduce callproc roundtrip time
 - BUG#24364556: Improve warning behavior
+- BUG#23342572: Allow dictionaries as parameters in prepared statements
 
 v8.0.31
 =======
diff --git a/lib/mysql/connector/cursor.py b/lib/mysql/connector/cursor.py
@@ -101,6 +101,8 @@
 )
 RE_SQL_SPLIT_STMTS = re.compile(b""";(?=(?:[^"'`]*["'`].*["'`])*[^"'`]*$)""")
 RE_SQL_FIND_PARAM = re.compile(b"""%s(?=(?:[^"'`]*["'`][^"'`]*["'`])*[^"'`]*$)""")
+RE_SQL_PYTHON_REPLACE_PARAM = re.compile(r"%\(.*?\)s")
+RE_SQL_PYTHON_CAPTURE_PARAM_NAME = re.compile(r"%\((.*?)\)s")
 
 ERR_NO_RESULT_TO_FETCH = "No result set to fetch from"
 
@@ -1303,7 +1305,7 @@ def _handle_result(self, result: ResultType) -> None:
     def execute(
         self,
         operation: StrOrBytes,
-        params: Optional[ParamsSequenceType] = None,
+        params: Optional[ParamsSequenceOrDictType] = None,
         multi: bool = False,
     ) -> None:  # multi is unused
         """Prepare and execute a MySQL Prepared Statement
@@ -1316,22 +1318,40 @@ def execute(
 
         Note: argument "multi" is unused.
         """
+        charset = self._connection.charset
+        if charset == "utf8mb4":
+            charset = "utf8"
+
+        if not isinstance(operation, str):
+            try:
+                operation = operation.decode(charset)
+            except UnicodeDecodeError as err:
+                raise ProgrammingError(str(err)) from err
+
+        if isinstance(params, dict):
+            replacement_keys = re.findall(RE_SQL_PYTHON_CAPTURE_PARAM_NAME, operation)
+            try:
+                # Replace params dict with params tuple in correct order.
+                params = tuple(params[key] for key in replacement_keys)
+            except KeyError as err:
+                raise ProgrammingError(
+                    "Not all placeholders were found in the parameters dict"
+                ) from err
+            # Convert %(name)s to ? before sending it to MySQL
+            operation = re.sub(RE_SQL_PYTHON_REPLACE_PARAM, "?", operation)
+
         if operation is not self._executed:
             if self._prepared:
                 self._connection.cmd_stmt_close(self._prepared["statement_id"])
-
             self._executed = operation
+
             try:
-                if not isinstance(operation, bytes):
-                    charset = self._connection.charset
-                    if charset == "utf8mb4":
-                        charset = "utf8"
-                    operation = operation.encode(charset)
-            except (UnicodeDecodeError, UnicodeEncodeError) as err:
+                operation = operation.encode(charset)
+            except UnicodeEncodeError as err:
                 raise ProgrammingError(str(err)) from err
 
-            # need to convert %s to ? before sending it to MySQL
             if b"%s" in operation:
+                # Convert %s to ? before sending it to MySQL
                 operation = re.sub(RE_SQL_FIND_PARAM, b"?", operation)
 
             try:
diff --git a/lib/mysql/connector/cursor_cext.py b/lib/mysql/connector/cursor_cext.py
@@ -77,6 +77,8 @@
     RE_SQL_INSERT_STMT,
     RE_SQL_INSERT_VALUES,
     RE_SQL_ON_DUPLICATE,
+    RE_SQL_PYTHON_CAPTURE_PARAM_NAME,
+    RE_SQL_PYTHON_REPLACE_PARAM,
     RE_SQL_SPLIT_STMTS,
 )
 from .errorcode import CR_NO_RESULT_SET
@@ -1095,7 +1097,7 @@ def reset(self, free: bool = True) -> None:
     def execute(
         self,
         operation: StrOrBytes,
-        params: Optional[ParamsSequenceType] = None,
+        params: Optional[ParamsSequenceOrDictType] = None,
         multi: bool = False,
     ) -> None:  # multi is unused
         """Prepare and execute a MySQL Prepared Statement
@@ -1119,23 +1121,40 @@ def execute(
 
         self._cnx.handle_unread_result(prepared=True)
 
+        charset = self._cnx.charset
+        if charset == "utf8mb4":
+            charset = "utf8"
+
+        if not isinstance(operation, str):
+            try:
+                operation = operation.decode(charset)
+            except UnicodeDecodeError as err:
+                raise ProgrammingError(str(err)) from err
+
+        if isinstance(params, dict):
+            replacement_keys = re.findall(RE_SQL_PYTHON_CAPTURE_PARAM_NAME, operation)
+            try:
+                # Replace params dict with params tuple in correct order.
+                params = tuple(params[key] for key in replacement_keys)
+            except KeyError as err:
+                raise ProgrammingError(
+                    "Not all placeholders were found in the parameters dict"
+                ) from err
+            # Convert %(name)s to ? before sending it to MySQL
+            operation = re.sub(RE_SQL_PYTHON_REPLACE_PARAM, "?", operation)
+
         if operation is not self._executed:
             if self._stmt:
                 self._cnx.cmd_stmt_close(self._stmt)
-
             self._executed = operation
 
             try:
-                if not isinstance(operation, bytes):
-                    charset = self._cnx.charset
-                    if charset == "utf8mb4":
-                        charset = "utf8"
-                    operation = operation.encode(charset)
-            except (UnicodeDecodeError, UnicodeEncodeError) as err:
+                operation = operation.encode(charset)
+            except UnicodeEncodeError as err:
                 raise ProgrammingError(str(err)) from err
 
-            # need to convert %s to ? before sending it to MySQL
             if b"%s" in operation:
+                # Convert %s to ? before sending it to MySQL
                 operation = re.sub(RE_SQL_FIND_PARAM, b"?", operation)
 
             try:
diff --git a/tests/cext/test_cext_cursor.py b/tests/cext/test_cext_cursor.py
@@ -31,6 +31,7 @@
 """Testing the C Extension cursors
 """
 
+import copy
 import datetime
 import decimal
 import logging
@@ -845,6 +846,69 @@ class CMySQLCursorPreparedTests(tests.CMySQLCursorTests):
         "POINT(21.2, 34.2), ?)"
     )
 
+    insert_dict_stmt = (
+        "INSERT INTO {0} ("
+        "my_null, "
+        "my_bit, "
+        "my_tinyint, "
+        "my_smallint, "
+        "my_mediumint, "
+        "my_int, "
+        "my_bigint, "
+        "my_decimal, "
+        "my_float, "
+        "my_double, "
+        "my_date, "
+        "my_time, "
+        "my_datetime, "
+        "my_year, "
+        "my_char, "
+        "my_varchar, "
+        "my_enum, "
+        "my_geometry, "
+        "my_blob) "
+        "VALUES ("
+        "%(my_null)s, "
+        "B'1111100', "
+        "%(my_tinyint)s, "
+        "%(my_smallint)s, "
+        "%(my_mediumint)s, "
+        "%(my_int)s, "
+        "%(my_bigint)s, "
+        "%(my_decimal)s, "
+        "%(my_float)s, "
+        "%(my_double)s, "
+        "%(my_date)s, "
+        "%(my_time)s, "
+        "%(my_datetime)s, "
+        "%(my_year)s, "
+        "%(my_char)s, "
+        "%(my_varchar)s, "
+        "%(my_enum)s, "
+        "POINT(21.2, 34.2), "
+        "%(my_blob)s)"
+    )
+
+    insert_columns = (
+        "my_null",
+        "my_tinyint",
+        "my_smallint",
+        "my_mediumint",
+        "my_int",
+        "my_bigint",
+        "my_decimal",
+        "my_float",
+        "my_double",
+        "my_date",
+        "my_time",
+        "my_datetime",
+        "my_year",
+        "my_char",
+        "my_varchar",
+        "my_enum",
+        "my_blob",
+    )
+
     data = (
         None,
         127,
@@ -939,11 +1003,32 @@ def test_fetchmany(self):
         self.assertEqual(len(rows), 1)
         self.assertEqual(rows[0][1:], self.exp)
 
+    def test_execute(self):
+        # Use dict as placeholders
+        data_dict = dict(zip(self.insert_columns, self.data))
+
+        self.cur.execute(self.insert_dict_stmt.format(self.tbl), data_dict)
+        self.cur.execute(f"SELECT * FROM {self.tbl}")
+        rows = self.cur.fetchall()
+        self.assertEqual(len(rows), 1)
+        self.assertEqual(rows[0][1:], self.exp)
+
     def test_executemany(self):
         data = [self.data[:], self.data[:]]
         self.cur.executemany(self.insert_stmt.format(self.tbl), data)
-        self.cur.execute("SELECT * FROM {0}".format(self.tbl))
+        self.cur.execute(f"SELECT * FROM {self.tbl}")
         rows = self.cur.fetchall()
         self.assertEqual(len(rows), 2)
         self.assertEqual(rows[0][1:], self.exp)
         self.assertEqual(rows[1][1:], self.exp)
+
+        # Use dict as placeholders
+        data_dict = dict(zip(self.insert_columns, self.data))
+        data = [data_dict, copy.deepcopy(data_dict)]
+
+        self.cur.executemany(self.insert_dict_stmt.format(self.tbl), data)
+        self.cur.execute(f"SELECT * FROM {self.tbl}")
+        rows = self.cur.fetchall()
+        self.assertEqual(len(rows), 4)
+        self.assertEqual(rows[0][1:], self.exp)
+        self.assertEqual(rows[1][1:], self.exp)
diff --git a/tests/test_cursor.py b/tests/test_cursor.py
@@ -1309,6 +1309,29 @@ def test_execute(self):
         self.assertEqual(statement_id, cur._prepared["statement_id"])
         self.assertEqual(exp, cur.fetchone())
 
+        # Use dict as placeholders
+        data = {"value1": 4, "value2": 5}
+        exp = (6.4031242374328485,)
+        stmt = "SELECT SQRT(POW(%(value1)s, 2) + POW(%(value2)s, 2)) AS hypotenuse"
+        cur.execute(stmt, data)
+        # See BUG#31964167 about this change in 8.0.22
+        statement_id = 4 if tests.MYSQL_VERSION < (8, 0, 24) else 6
+        self.assertEqual(statement_id, cur._prepared["statement_id"])
+        self.assertEqual(exp, cur.fetchone())
+
+        # Re-use statement
+        data = {"value1": 3, "value2": 4}
+        exp = (5.0,)
+        cur.execute(stmt, data)
+        # See BUG#31964167 about this change in 8.0.22
+        statement_id = 5 if tests.MYSQL_VERSION < (8, 0, 24) else 7
+        self.assertEqual(statement_id, cur._prepared["statement_id"])
+        self.assertEqual(exp, cur.fetchone())
+
+        # Raise ProgrammingError if placeholder doesn't exist in dict
+        stmt = "SELECT SQRT(POW(%(value1)s, 2) + POW(%(unknown)s, 2)) AS hypotenuse"
+        self.assertRaises(errors.ProgrammingError, cur.execute, stmt, data)
+
     def test_executemany(self):
         cur = self.cnx.cursor(cursor_class=cursor.MySQLCursorPrepared)
 
@@ -1327,10 +1350,8 @@ def test_executemany(self):
 
         tbl = "myconnpy_cursor"
         self._test_execute_setup(self.cnx, tbl)
-        stmt_insert = "INSERT INTO {table} (col1,col2) VALUES (%s, %s)".format(
-            table=tbl
-        )
-        stmt_select = "SELECT col1,col2 FROM {table} ORDER BY col1".format(table=tbl)
+        stmt_insert = f"INSERT INTO {tbl} (col1, col2) VALUES (%s, %s)"
+        stmt_select = f"SELECT col1, col2 FROM {tbl} ORDER BY col1"
 
         cur.executemany(stmt_insert, [(1, 100), (2, 200), (3, 300)])
         self.assertEqual(3, cur.rowcount)
@@ -1346,10 +1367,22 @@ def test_executemany(self):
         )
 
         data = [(2,), (3,)]
-        stmt = "DELETE FROM {table} WHERE col1 = %s".format(table=tbl)
+        stmt = f"DELETE FROM {tbl} WHERE col1 = %s"
         cur.executemany(stmt, data)
         self.assertEqual(2, cur.rowcount)
 
+        # Use dict as placeholders
+        stmt_insert = f"INSERT INTO {tbl} (col1, col2) VALUES (%(col1)s, %(col2)s)"
+        cur.executemany(
+            stmt_insert,
+            [
+                {"col1": 3, "col2": 100},
+                {"col1": 4, "col2": 200},
+                {"col1": 5, "col2": 300},
+            ],
+        )
+        self.assertEqual(3, cur.rowcount)
+
         self._test_execute_cleanup(self.cnx, tbl)
         cur.close()
 
