11from __future__ import unicode_literals
2- from jinja2 import contextfilter
32from jinja2 import Environment
43from jinja2 import Template
54from jinja2 .ext import Extension
65from jinja2 .lexer import Token
7- from jinja2 .utils import Markup
6+ from jinja2 .utils import markupsafe
87from collections .abc import Iterable
98
109try :
@@ -96,7 +95,7 @@ def filter_stream(self, stream):
9695def sql_safe (value ):
9796 """Filter to mark the value of an expression as safe for inserting
9897 in a SQL statement"""
99- return Markup (value )
98+ return markupsafe . Markup (value )
10099
101100def identifier (value ):
102101 """A filter that escapes a SQL identifier, usually database objects
@@ -117,7 +116,7 @@ def escape_postgres(tuple_or_str):
117116 values = (tuple_or_str , ) if not isinstance (tuple_or_str , tuple ) else tuple_or_str
118117 def escape_double_quotes (value ):
119118 return value .replace ('"' , '""' )
120- return Markup ('.' .join ('"{}"' .format (escape_double_quotes (value )) for value in values ))
119+ return markupsafe . Markup ('.' .join ('"{}"' .format (escape_double_quotes (value )) for value in values ))
121120
122121def bind (value , name ):
123122 """A filter that prints %s, and stores the value
@@ -126,7 +125,7 @@ def bind(value, name):
126125 This filter is automatically applied to every {{variable}}
127126 during the lexing stage, so developers can't forget to bind
128127 """
129- if isinstance (value , Markup ):
128+ if isinstance (value , markupsafe . Markup ):
130129 return value
131130 else :
132131 return _bind_param (_thread_local .bind_params , name , value )
@@ -175,7 +174,7 @@ def identifier_filter(raw_identifier):
175174 raw_identifier = (raw_identifier , )
176175 if not isinstance (raw_identifier , Iterable ):
177176 raise ValueError ("identifier filter expects a string or an Iterable" )
178- return Markup ('.' .join (quote_and_escape (s ) for s in raw_identifier ))
177+ return markupsafe . Markup ('.' .join (quote_and_escape (s ) for s in raw_identifier ))
179178
180179 return identifier_filter
181180
@@ -195,12 +194,14 @@ class JinjaSql(object):
195194 # asyncpg "where name = $1"
196195 VALID_PARAM_STYLES = ('qmark' , 'numeric' , 'named' , 'format' , 'pyformat' , 'asyncpg' )
197196 VALID_ID_QUOTE_CHARS = ('`' , '"' )
198- def __init__ (self , env = None , param_style = 'format ' , db_engine = 'postgres' , identifier_quote_character = '"' ):
197+ def __init__ (self , env = None , param_style = 'named ' , db_engine = 'postgres' , identifier_quote_character = '"' ):
199198 # self.env = env or Environment()
200199 # self._prepare_environment()
201200 self .param_style = param_style
202201 if identifier_quote_character not in self .VALID_ID_QUOTE_CHARS :
203- raise ValueError ("identifier_quote_characters must be one of " + VALID_ID_QUOTE_CHARS )
202+ raise ValueError (
203+ f"identifier_quote_characters must be one of { JinjaSql .VALID_ID_QUOTE_CHARS }
204+ )
204205 self .identifier_quote_character = identifier_quote_character
205206 self .db_engine = db_engine
206207 self .env = env or Environment ()
@@ -209,7 +210,6 @@ def __init__(self, env=None, param_style='format', db_engine='postgres', identif
209210 def _prepare_environment (self ):
210211 self .env .autoescape = True
211212 self .env .add_extension (SqlExtension )
212- self .env .add_extension ('jinja2.ext.autoescape' )
213213 self .env .filters ["bind" ] = bind
214214 self .env .filters ["sqlsafe" ] = sql_safe
215215 self .env .filters ["inclause" ] = bind_in_clause
@@ -234,7 +234,7 @@ def _prepare_query(self, template, data):
234234 if self .param_style in ('named' , 'pyformat' ):
235235 bind_params = dict (bind_params )
236236 elif self .param_style in ('qmark' , 'numeric' , 'format' , 'asyncpg' ):
237- bind_params = list (bind_params .values ())
237+ bind_params = tuple (bind_params .values ())
238238 return query , bind_params
239239 finally :
240240 del _thread_local .bind_params
0 commit comments