def sql_profile(request): """ Returns the output of running the SQL and getting the profiling statistics. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values time: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') params = request.GET.get('params', '') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().strip().startswith('select'): params = simplejson.loads(params) cursor = connection.cursor() cursor.execute("SET PROFILING=1") # Enable profiling cursor.execute(sql, params) # Execute SELECT cursor.execute("SET PROFILING=0") # Disable profiling # The Query ID should always be 1 here but I'll subselect to get the last one just in case... cursor.execute("SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)") headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), 'time': request.GET.get('time', 0.0), 'headers': headers, } return render_to_response('debug_toolbar/panels/sql_explain.html', context) raise InvalidSQLError("Only 'select' queries are allowed.")
def sql_select(request): """ Returns the output of the SQL SELECT statement. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values duration: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') params = request.GET.get('params', '') alias = request.GET.get('alias', 'default') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().strip().startswith('select'): params = simplejson.loads(params) cursor = connections[alias].cursor() cursor.execute(sql, params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), 'duration': request.GET.get('duration', 0.0), 'headers': headers, 'alias': alias, } return render_to_response('debug_toolbar/panels/sql_select.html', context) raise InvalidSQLError("Only 'select' queries are allowed.")
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values time: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') params = request.GET.get('params', '') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert if sql.lower().startswith('select'): params = simplejson.loads(params) cursor = connection.cursor() cursor.execute("EXPLAIN %s" % (sql,), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), 'time': request.GET.get('time', 0.0), 'headers': headers, } return render_to_response('debug_toolbar/panels/sql_explain.html', context)
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with position arguments params: JSON encoded parameter values time: time for SQL to execute passed in from toolbar just for redisplay """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') if sql.lower().startswith('select'): params = simplejson.loads(request.GET.get('params', '')) cursor = connection.cursor() cursor.execute("EXPLAIN %s" % (sql, ), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query( cursor, sql, params)), 'time': request.GET.get('time', 0.0), 'headers': headers, } return render_to_response('debug_toolbar/panels/sql_explain.html', context)
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with position arguments params: JSON encoded parameter values time: time for SQL to execute passed in from toolbar just for redisplay """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') if sql.lower().startswith('select'): params = simplejson.loads(request.GET.get('params', '')) cursor = connection.cursor() cursor.execute("EXPLAIN %s" % (sql,), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), 'time': request.GET.get('time', 0.0), 'headers': headers, } return render_to_response('debug_toolbar/panels/sql_explain.html', context)
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values duration: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') params = request.GET.get('params', '') alias = request.GET.get('alias', 'default') hash = sha1(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().strip().startswith('select'): params = json.loads(params) cursor = connections[alias].cursor() conn = connections[alias].connection engine = conn.__class__.__module__.split('.', 1)[0] if engine == "sqlite3": # SQLite's EXPLAIN dumps the low-level opcodes generated for a query; # EXPLAIN QUERY PLAN dumps a more human-readable summary # See http://www.sqlite.org/lang_explain.html for details cursor.execute("EXPLAIN QUERY PLAN %s" % (sql, ), params) elif engine == "psycopg2": cursor.execute("EXPLAIN ANALYZE %s" % (sql, ), params) else: cursor.execute("EXPLAIN %s" % (sql, ), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql(cursor.db.ops.last_executed_query( cursor, sql, params)), 'duration': request.GET.get('duration', 0.0), 'headers': headers, 'alias': alias, } return render_to_response('debug_toolbar/panels/sql_explain.html', context) raise InvalidSQLError("Only 'select' queries are allowed.")
def sql_profile(request): """ Returns the output of running the SQL and getting the profiling statistics. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values duration: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = smart_str(request.GET.get("sql", "")) params = smart_str(request.GET.get("params", "")) alias = request.GET.get("alias", "default") secret_key = smart_str(settings.SECRET_KEY) hash = sha_constructor(secret_key + sql + params).hexdigest() if hash != request.GET.get("hash", ""): return HttpResponseBadRequest("Tamper alert") # SQL Tampering alert if sql.lower().strip().startswith("select"): params = simplejson.loads(params) cursor = connections[alias].cursor() result = None headers = None result_error = None try: cursor.execute("SET PROFILING=1") # Enable profiling cursor.execute(sql, params) # Execute SELECT cursor.execute("SET PROFILING=0") # Disable profiling # The Query ID should always be 1 here but I'll subselect to get the last one just in case... cursor.execute( "SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)" ) headers = [d[0] for d in cursor.description] result = cursor.fetchall() except: result_error = "Profiling is either not available or not supported by your database." cursor.close() context = { "result": result, "result_error": result_error, "sql": reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), "duration": request.GET.get("duration", 0.0), "headers": headers, "alias": alias, } return render_to_response("debug_toolbar/panels/sql_profile.html", context) raise InvalidSQLError("Only 'select' queries are allowed.")
def title(self): sql_queries = connection.queries[self._offset:] queries = [(q['time'], q['raw_sql'], q['params']) for q in sql_queries] query_groups = {} for item in queries: time, raw_sql, params = item[0], item[1], item[2] group = query_groups.get(raw_sql, [0, 0, []]) group[2].append(params) query_groups[raw_sql] = (group[0]+time, group[1]+1, group[2]) query_groups = sorted([[k, v[0], v[1], v[2]] for k, v in query_groups.iteritems()], key=lambda x: x[1])[::-1] for query_group in query_groups: query_group[0] = reformat_sql(query_group[0]) self.query_groups = query_groups self.unique_count = len(query_groups) return '%s Unique Queries' % self.unique_count
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values duration: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get('sql', '') params = request.GET.get('params', '') alias = request.GET.get('alias', 'default') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().strip().startswith('select'): params = simplejson.loads(params) cursor = connections[alias].cursor() conn = connections[alias].connection engine = conn.__class__.__module__.split('.', 1)[0] if engine == "sqlite3": # SQLite's EXPLAIN dumps the low-level opcodes generated for a query; # EXPLAIN QUERY PLAN dumps a more human-readable summary # See http://www.sqlite.org/lang_explain.html for details cursor.execute("EXPLAIN QUERY PLAN %s" % (sql,), params) else: cursor.execute("EXPLAIN %s" % (sql,), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { 'result': result, 'sql': reformat_sql( cursor.db.ops.last_executed_query(cursor, sql, params), expand=False, ), 'duration': request.GET.get('duration', 0.0), 'headers': headers, 'alias': alias, } return render_to_response('debug_toolbar/panels/sql_explain.html', context) raise InvalidSQLError("Only 'select' queries are allowed.")
def process_response(self, request, response): if getattr(settings, 'DEBUG_LOGGING_CONFIG', {}).get('ENABLED', False): # Call the nav_subtitle method so that the query data is captured self.nav_subtitle() for alias, query in self._queries: query['alias'] = alias query['sql'] = reformat_sql(query['sql']) stats = {} queries = [q for a, q in self._queries] if settings.DEBUG_LOGGING_CONFIG.get('SQL_EXTRA', False): stats['sql_queries'] = queries stats['sql_time'] = self._sql_time stats['sql_num_queries'] = len(queries) request.debug_logging_stats.update(stats)
def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. Expected GET variables: sql: urlencoded sql with positional arguments params: JSON encoded parameter values duration: time for SQL to execute passed in from toolbar just for redisplay hash: the hash of (secret + sql + params) for tamper checking """ from debug_toolbar.panels.sql import reformat_sql sql = request.GET.get("sql", "") params = request.GET.get("params", "") alias = request.GET.get("alias", "default") hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get("hash", ""): return HttpResponseBadRequest("Tamper alert") # SQL Tampering alert if sql.lower().strip().startswith("select"): params = simplejson.loads(params) cursor = connections[alias].cursor() if settings.DATABASE_ENGINE == "sqlite3": # SQLite's EXPLAIN dumps the low-level opcodes generated for a query; # EXPLAIN QUERY PLAN dumps a more human-readable summary # See http://www.sqlite.org/lang_explain.html for details cursor.execute("EXPLAIN QUERY PLAN %s" % (sql,), params) else: cursor.execute("EXPLAIN %s" % (sql,), params) headers = [d[0] for d in cursor.description] result = cursor.fetchall() cursor.close() context = { "result": result, "sql": reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), "duration": request.GET.get("duration", 0.0), "headers": headers, "alias": alias, } return render_to_response("debug_toolbar/panels/sql_explain.html", context) raise InvalidSQLError("Only 'select' queries are allowed.")