SQLAlchemy:打印实际查询

时间:2011-04-12 06:12:00

标签: python sqlalchemy

我真的希望能够为我的应用程序打印出有效的SQL,包括值,而不是绑定参数,但是在SQLAlchemy中如何做到这一点并不明显(按照设计,我很确定)。

有没有人以一般方式解决这个问题?

8 个答案:

答案 0 :(得分:121)

在绝大多数情况下," stringification" SQLAlchemy语句或查询的简单程度如下:

print str(statement)

这适用于ORM Query以及任何select()或其他声明。

注意sqlalchemy documentation上正在维护以下详细答案。

要将语句编译为特定的方言或引擎,如果语句本身尚未绑定到语句本身,则可以将其传递给compile()

print statement.compile(someengine)

或没有引擎:

from sqlalchemy.dialects import postgresql
print statement.compile(dialect=postgresql.dialect())

当给出ORM Query对象时,为了获得compile()方法,我们只需首先访问.statement访问者:

statement = query.statement
print statement.compile(someengine)

关于最初的规定,约束参数是"内联"在最后的字符串中,这里的挑战是SQLAlchemy通常不会对此负责,因为这是由Python DBAPI适当处理的,更不用说绕过绑定参数可能是现代Web应用程序中最广泛利用的安全漏洞。 SQLAlchemy在某些情况下执行此字符串化的能力有限,例如发出DDL。要访问此功能,可以使用' literal_binds'标志,传递给compile_kwargs

from sqlalchemy.sql import table, column, select

t = table('t', column('x'))

s = select([t]).where(t.c.x == 5)

print s.compile(compile_kwargs={"literal_binds": True})

上述方法有一些警告,它只支持基本 类型,例如整数和字符串,以及bindparam 如果没有预先设定的值直接使用,它就无法实现 字符串化。

要支持不支持的类型的内联文字呈现,请执行 目标类型的TypeDecorator,包括a TypeDecorator.process_literal_param方法:

from sqlalchemy import TypeDecorator, Integer


class MyFancyType(TypeDecorator):
    impl = Integer

    def process_literal_param(self, value, dialect):
        return "my_fancy_formatting(%s)" % value

from sqlalchemy import Table, Column, MetaData

tab = Table('mytable', MetaData(), Column('x', MyFancyType()))

print(
    tab.select().where(tab.c.x > 5).compile(
        compile_kwargs={"literal_binds": True})
)

产生如下输出:

SELECT mytable.x
FROM mytable
WHERE mytable.x > my_fancy_formatting(5)

答案 1 :(得分:57)

这在python 2和3中有效,并且比以前更清晰,但需要SA> = 1.0。

from sqlalchemy.engine.default import DefaultDialect
from sqlalchemy.sql.sqltypes import String, DateTime, NullType

# python2/3 compatible.
PY3 = str is not bytes
text = str if PY3 else unicode
int_type = int if PY3 else (int, long)
str_type = str if PY3 else (str, unicode)


class StringLiteral(String):
    """Teach SA how to literalize various things."""
    def literal_processor(self, dialect):
        super_processor = super(StringLiteral, self).literal_processor(dialect)

        def process(value):
            if isinstance(value, int_type):
                return text(value)
            if not isinstance(value, str_type):
                value = text(value)
            result = super_processor(value)
            if isinstance(result, bytes):
                result = result.decode(dialect.encoding)
            return result
        return process


class LiteralDialect(DefaultDialect):
    colspecs = {
        # prevent various encoding explosions
        String: StringLiteral,
        # teach SA about how to literalize a datetime
        DateTime: StringLiteral,
        # don't format py2 long integers to NULL
        NullType: StringLiteral,
    }


def literalquery(statement):
    """NOTE: This is entirely insecure. DO NOT execute the resulting strings."""
    import sqlalchemy.orm
    if isinstance(statement, sqlalchemy.orm.Query):
        statement = statement.statement
    return statement.compile(
        dialect=LiteralDialect(),
        compile_kwargs={'literal_binds': True},
    ).string

演示:

# coding: UTF-8
from datetime import datetime
from decimal import Decimal

from literalquery import literalquery


def test():
    from sqlalchemy.sql import table, column, select

    mytable = table('mytable', column('mycol'))
    values = (
        5,
        u'snowman: ☃',
        b'UTF-8 snowman: \xe2\x98\x83',
        datetime.now(),
        Decimal('3.14159'),
        10 ** 20,  # a long integer
    )

    statement = select([mytable]).where(mytable.c.mycol.in_(values)).limit(1)
    print(literalquery(statement))


if __name__ == '__main__':
    test()

给出这个输出:(在python 2.7和3.4中测试)

SELECT mytable.mycol
FROM mytable
WHERE mytable.mycol IN (5, 'snowman: ☃', 'UTF-8 snowman: ☃',
      '2015-06-24 18:09:29.042517', 3.14159, 100000000000000000000)
 LIMIT 1

答案 2 :(得分:17)

鉴于您想要的仅在调试时才有意义,您可以使用echo=True启动SQLAlchemy,以记录所有SQL查询。例如:

engine = create_engine(
    "mysql://scott:tiger@hostname/dbname",
    encoding="latin1",
    echo=True,
)

这也可以针对单个请求进行修改:

  

echo=False - 如果True,引擎会将所有语句及其repr()参数列表记录到引擎记录器,默认为sys.stdout。可以随时修改echo Engine属性以打开和关闭日志记录。如果设置为字符串"debug",结果行也将打印到标准输出。此标志最终控制Python记录器;有关如何直接配置日志记录的信息,请参阅Configuring Logging

     

来源:SQLAlchemy Engine Configuration

如果与Flask一起使用,您只需设置

即可
app.config["SQLALCHEMY_ECHO"] = True

获得相同的行为。

答案 3 :(得分:12)

因此,基于@zzzeek对@ bukzor代码的评论,我想出了这个,以便轻松获得“可打印”的查询:

def prettyprintable(statement, dialect=None, reindent=True):
    """Generate an SQL expression string with bound parameters rendered inline
    for the given SQLAlchemy statement. The function can also receive a
    `sqlalchemy.orm.Query` object instead of statement.
    can 

    WARNING: Should only be used for debugging. Inlining parameters is not
             safe when handling user created data.
    """
    import sqlparse
    import sqlalchemy.orm
    if isinstance(statement, sqlalchemy.orm.Query):
        if dialect is None:
            dialect = statement.session.get_bind().dialect
        statement = statement.statement
    compiled = statement.compile(dialect=dialect,
                                 compile_kwargs={'literal_binds': True})
    return sqlparse.format(str(compiled), reindent=reindent)

我个人很难阅读没有缩进的代码,所以我使用sqlparse来重新编写SQL。它可以与pip install sqlparse一起安装。

答案 4 :(得分:10)

此代码基于来自@bukzor的精彩existing answer。我刚刚将datetime.datetime类型的自定义呈现添加到Oracle的TO_DATE()中。

随意更新代码以适合您的数据库:

import decimal
import datetime

def printquery(statement, bind=None):
    """
    print a query, with values filled in
    for debugging purposes *only*
    for security, you should always separate queries from their values
    please also note that this function is quite slow
    """
    import sqlalchemy.orm
    if isinstance(statement, sqlalchemy.orm.Query):
        if bind is None:
            bind = statement.session.get_bind(
                    statement._mapper_zero_or_none()
            )
        statement = statement.statement
    elif bind is None:
        bind = statement.bind 

    dialect = bind.dialect
    compiler = statement._compiler(dialect)
    class LiteralCompiler(compiler.__class__):
        def visit_bindparam(
                self, bindparam, within_columns_clause=False, 
                literal_binds=False, **kwargs
        ):
            return super(LiteralCompiler, self).render_literal_bindparam(
                    bindparam, within_columns_clause=within_columns_clause,
                    literal_binds=literal_binds, **kwargs
            )
        def render_literal_value(self, value, type_):
            """Render the value of a bind parameter as a quoted literal.

            This is used for statement sections that do not accept bind paramters
            on the target driver/database.

            This should be implemented by subclasses using the quoting services
            of the DBAPI.

            """
            if isinstance(value, basestring):
                value = value.replace("'", "''")
                return "'%s'" % value
            elif value is None:
                return "NULL"
            elif isinstance(value, (float, int, long)):
                return repr(value)
            elif isinstance(value, decimal.Decimal):
                return str(value)
            elif isinstance(value, datetime.datetime):
                return "TO_DATE('%s','YYYY-MM-DD HH24:MI:SS')" % value.strftime("%Y-%m-%d %H:%M:%S")

            else:
                raise NotImplementedError(
                            "Don't know how to literal-quote value %r" % value)            

    compiler = LiteralCompiler(dialect, statement)
    print compiler.process(statement)

答案 5 :(得分:9)

为此,我们可以使用compile方法。来自docs

from sqlalchemy.sql import text
from sqlalchemy.dialects import postgresql

stmt = text("SELECT * FROM users WHERE users.name BETWEEN :x AND :y")
stmt = stmt.bindparams(x="m", y="z")

print(stmt.compile(dialect=postgresql.dialect(),compile_kwargs={"literal_binds": True}))

结果:

SELECT * FROM users WHERE users.name BETWEEN 'm' AND 'z'

答案 6 :(得分:5)

我想指出的是,上面给出的解决方案并非只是工作"有非平凡的查询。我遇到的一个问题是更复杂的类型,例如导致问题的pgsql ARRAY。我确实找到了一个解决方案,对我来说,即使使用pgsql ARRAYs也能正常工作:

借来自: https://gist.github.com/gsakkis/4572159

链接代码似乎基于较旧版本的SQLAlchemy。您将收到错误消息,指出属性_mapper_zero_or_none不存在。这是一个可以使用更新版本的更新版本,您只需用bind替换_mapper_zero_or_none即可。另外,这支持pgsql数组:

# adapted from:
# https://gist.github.com/gsakkis/4572159
from datetime import date, timedelta
from datetime import datetime

from sqlalchemy.orm import Query


try:
    basestring
except NameError:
    basestring = str


def render_query(statement, dialect=None):
    """
    Generate an SQL expression string with bound parameters rendered inline
    for the given SQLAlchemy statement.
    WARNING: This method of escaping is insecure, incomplete, and for debugging
    purposes only. Executing SQL statements with inline-rendered user values is
    extremely insecure.
    Based on http://stackoverflow.com/questions/5631078/sqlalchemy-print-the-actual-query
    """
    if isinstance(statement, Query):
        if dialect is None:
            dialect = statement.session.bind.dialect
        statement = statement.statement
    elif dialect is None:
        dialect = statement.bind.dialect

    class LiteralCompiler(dialect.statement_compiler):

        def visit_bindparam(self, bindparam, within_columns_clause=False,
                            literal_binds=False, **kwargs):
            return self.render_literal_value(bindparam.value, bindparam.type)

        def render_array_value(self, val, item_type):
            if isinstance(val, list):
                return "{%s}" % ",".join([self.render_array_value(x, item_type) for x in val])
            return self.render_literal_value(val, item_type)

        def render_literal_value(self, value, type_):
            if isinstance(value, long):
                return str(value)
            elif isinstance(value, (basestring, date, datetime, timedelta)):
                return "'%s'" % str(value).replace("'", "''")
            elif isinstance(value, list):
                return "'{%s}'" % (",".join([self.render_array_value(x, type_.item_type) for x in value]))
            return super(LiteralCompiler, self).render_literal_value(value, type_)

    return LiteralCompiler(dialect, statement).process(statement)

测试了两级嵌套数组。

答案 7 :(得分:2)

只是一个带有 ORM 查询和 pygments 的简单彩色示例。<​​/p>

<html>
<body>
  <p id="score"></p>
  <p id="lives"></p>

  <div id="center">
    <p id="word"></p>
  </div>
  
  <div>
    <div id="playBtns">
      <button name="submit" class="action_btn_left seen" type="button" onclick="thing(1)">Seen</button>

      <button name="submit" class="action_btn_right new" type="button" onclick="thing(0)">New</button>
    </div>
    
    <div id="playAgainBtn" style="display:none">
            <button name="submit" class="action_btn_right new" type="button" onclick="start()">Play again</button>
    </div>
  </div>
</body>
</html>

或者没有 sqlparse 的版本(没有 sqlparse,输出中的新行更少)

import sqlparse
from pygments import highlight
from pygments.formatters.terminal import TerminalFormatter
from pygments.lexers import SqlLexer
from sqlalchemy import create_engine
from sqlalchemy.orm import Query

engine = create_engine("sqlite+pysqlite:///db.sqlite", echo=True, future=True)

def format_sql(query: Query):
    compiled = query.statement.compile(
         engine, compile_kwargs={"literal_binds": True})
    parsed = sqlparse.format(str(compiled), reindent=True, keyword_case='upper')
    print(highlight(parsed, SqlLexer(), TerminalFormatter()))