
Parametrize related field queries #1797

Merged

Conversation

henadzit
Contributor

@henadzit henadzit commented Dec 3, 2024

Description

This is the final (hopefully) parametrization PR. After this is merged, all queries should be parameterized.

  • Updates relational field queries to use parametrized queries
  • Refactors QuerySets to use pypika's get_parameterized_query instead of doing parameterization itself. It shifts the responsibility of parameterization to pypika. This PR introduces QueryBuilder.get_parameterized_query.

Motivation and Context

Parameterized queries are crucial for preventing SQL injection attacks, but they can also improve the performance of database operations.

This PR should finally allow us to close #81.

This also checks one of the requirements for v1.0.0, related ticket.

How Has This Been Tested?

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added the changelog accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@coveralls

coveralls commented Dec 3, 2024

Pull Request Test Coverage Report for Build 12142120565

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 63 of 63 (100.0%) changed or added relevant lines in 7 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.006%) to 90.384%

Files with coverage reduction | New missed lines | %
tortoise/backends/base/client.py | 1 | 93.48%

Totals (coverage status):
  • Change from base Build 12116630665: -0.006%
  • Covered Lines: 6308
  • Relevant Lines: 6873

💛 - Coveralls

@henadzit henadzit requested a review from abondar December 3, 2024 14:50
@Abdeldjalil-H
Contributor

Abdeldjalil-H commented Dec 4, 2024

Hi @henadzit. I have a question. I've noticed that if we call .sql(params_inline=True) on a query that has filters as subqueries, for example

MyModel.filter(id__in=Subquery(OtherModel.filter(field=some_value).values_list("id"))).sql(params_inline=True)

then the value of field is not included in the raw SQL. Does this PR handle this case, or should we have a separate issue for this?

Thank you for your time.

@henadzit
Contributor Author

henadzit commented Dec 4, 2024

> Hi @henadzit. I have a question. I've noticed that if we call .sql(params_inline=True) on a query that has filters as subqueries, for example
>
> MyModel.filter(id__in=Subquery(OtherModel.filter(field=some_value).values_list("id"))).sql(params_inline=True)
>
> then the value of field is not included in the raw SQL. Does this PR handle this case, or should we have a separate issue for this?
>
> Thank you for your time.

Great catch! This PR doesn't handle it and it's not related; please open a separate issue, thanks.
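To make the two renderings discussed in this PR and in the subquery question concrete, here is an added, constructed stand-in for a query builder (it is not tortoise-orm or pypika code; the `Query`, `get_parameterized_query`, `sql` and `_literal` names are assumptions): it emits either `?` placeholders with an ordered parameter list or an inline string, and threads the parameter list through nested subqueries so a value inside the inner filter is never silently dropped.

```python
from dataclasses import dataclass, field
from typing import Any, List, Optional, Tuple

# Constructed minimal builder (not tortoise-orm or pypika code). It shows the
# parameterized rendering ('?' placeholders plus an ordered parameter list,
# which is what should reach the driver) next to an inline rendering that is
# for debugging only. The parameter list is passed into nested subqueries so
# that a value filtered on inside the subquery appears in both outputs.


def _literal(value: Any) -> str:
    """Quote a Python value for display-only inline SQL."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # must come before int: bool is an int subclass
        return "TRUE" if value else "FALSE"
    if isinstance(value, str):
        return "'" + value.replace("'", "''") + "'"
    return str(value)


@dataclass
class Query:
    table: str
    columns: List[str]
    filters: List[Tuple[str, str, Any]] = field(default_factory=list)

    def filter(self, column: str, op: str, value: Any) -> "Query":
        """value is a plain Python value or a nested Query (a subquery)."""
        self.filters.append((column, op, value))
        return self

    def _render(self, params: Optional[List[Any]]) -> str:
        # params is None -> inline literals; otherwise append values to it.
        conds = []
        for column, op, value in self.filters:
            if isinstance(value, Query):
                conds.append(f'"{column}" {op} ({value._render(params)})')
            elif params is None:
                conds.append(f'"{column}" {op} {_literal(value)}')
            else:
                params.append(value)
                conds.append(f'"{column}" {op} ?')
        cols = ", ".join(f'"{c}"' for c in self.columns)
        sql = f'SELECT {cols} FROM "{self.table}"'
        return sql + (" WHERE " + " AND ".join(conds) if conds else "")

    def get_parameterized_query(self) -> Tuple[str, List[Any]]:
        params: List[Any] = []
        return self._render(params), params

    def sql(self, params_inline: bool = False) -> str:
        return self._render(None) if params_inline else self._render([])
```

Placeholders are positional, so the order in which `_render` appends to `params` (outer filters before and after the subquery, inner filters in between) must match the order of the `?` marks in the string, which is why the same list is shared across the recursion.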

@henadzit henadzit merged commit b9fda6c into tortoise:develop Dec 5, 2024
7 checks passed
@henadzit henadzit mentioned this pull request Dec 8, 2024
Successfully merging this pull request may close these issues.

Change to all-parametrised queries