From: Lele Gaifax <lele@metapensiero.it>
Date: Mon, 31 Oct 2022 08:14:04 +0000 (+0100)
Subject: Exploit literal() instead of hardcoding the SQL
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ceee1951194f5014ee17416e4cef70abc2ffbfd9;p=thirdparty%2Fsqlalchemy%2Fsqlalchemy.git

Exploit literal() instead of hardcoding the SQL
---

diff --git a/test/dialect/postgresql/test_dialect.py b/test/dialect/postgresql/test_dialect.py
index 0e65167d9b..608843b596 100644
--- a/test/dialect/postgresql/test_dialect.py
+++ b/test/dialect/postgresql/test_dialect.py
@@ -1232,8 +1232,8 @@ class TestRange(fixtures.TestBase):
     )
     def test_contains_value(self, connection, rrepr, v):
         q = select(
-            literal_column(f"'{rrepr}'::int4range", INT4RANGE),
-            literal_column(f"{v} <@ '{rrepr}'::int4range"),
+            literal(rrepr, INT4RANGE),
+            literal(rrepr, INT4RANGE).contains(v),
         )
         r, expected = connection.execute(q).first()
         eq_(r.contains(v), expected)