From 21a7bfcf75abc01dac16ddcebc750bcb3f4fd140 Mon Sep 17 00:00:00 2001 From: The Ghost of Christmas Never Date: Thu, 10 Apr 2025 18:39:15 -0500 Subject: [PATCH 1/2] escape composed identifiers --- pymysql/cursors.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pymysql/cursors.py b/pymysql/cursors.py index 8be05ca2..9b69d098 100644 --- a/pymysql/cursors.py +++ b/pymysql/cursors.py @@ -253,7 +253,7 @@ def callproc(self, procname, args=()): """ conn = self._get_db() if args: - fmt = f"@_{procname}_%d=%s" + fmt = f"`@_{procname}_%d`=%s" self._query( "SET %s" % ",".join( @@ -262,9 +262,9 @@ def callproc(self, procname, args=()): ) self.nextset() - q = "CALL {}({})".format( + q = "CALL `{}`({})".format( procname, - ",".join(["@_%s_%d" % (procname, i) for i in range(len(args))]), + ",".join(["`@_%s_%d`" % (procname, i) for i in range(len(args))]), ) self._query(q) self._executed = q From cb45050004398349c71d84937d8f8e7b56b5440f Mon Sep 17 00:00:00 2001 From: The Ghost of Christmas Never Date: Thu, 10 Apr 2025 18:46:50 -0500 Subject: [PATCH 2/2] cleanup and modernization --- pymysql/cursors.py | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/pymysql/cursors.py b/pymysql/cursors.py index 9b69d098..9da460d7 100644 --- a/pymysql/cursors.py +++ b/pymysql/cursors.py @@ -252,20 +252,13 @@ def callproc(self, procname, args=()): disconnected. """ conn = self._get_db() + server_params = {f'`@_{procname}_{index:d}`': arg for index,arg in enumerate(args)} + if args: - fmt = f"`@_{procname}_%d`=%s" - self._query( - "SET %s" - % ",".join( - fmt % (index, conn.escape(arg)) for index, arg in enumerate(args) - ) - ) + self._query("SET {}".format(",".join("{k}={v}" for k,v in server_params.items()))) self.nextset() - q = "CALL `{}`({})".format( - procname, - ",".join(["`@_%s_%d`" % (procname, i) for i in range(len(args))]), - ) + q = f"CALL `{procname}`({{}})".format(",".join(server_params.keys())) self._query(q) self._executed = q return args