Fix write query failing when a named parameter is called :sql (#2765)

Closes #2761

tests/test_api_write.py

@@ -794,6 +794,44 @@ async def test_update_row_alter(ds_write):
     assert response.json() == {"ok": True}
 
 
+@pytest.mark.asyncio
+async def test_execute_write_form_parameter_called_sql():
+    ds = Datasette(memory=True, default_deny=True)
+    ds.root_enabled = True
+    db = ds.add_memory_database("execute_write_parameter_sql", name="data")
+    await db.execute_write("create table docs (id integer primary key, title text)")
+    await db.execute_write("insert into docs (id, title) values (1, 'Initial')")
+    await ds.invoke_startup()
+
+    form_response = await ds.client.get(
+        "/data/-/execute-write",
+        actor={"id": "root"},
+        params={"sql": "update docs set title = :sql where id = :id"},
+    )
+    assert form_response.status_code == 200
+    assert 'data-parameter-name-prefix="_sql_param_"' in form_response.text
+    assert '<label for="qp1">sql</label>' in form_response.text
+    assert 'name="_sql_param_sql"' in form_response.text
+    assert 'data-parameter-name="sql"' in form_response.text
+    assert 'name="_sql_param_id"' in form_response.text
+
+    response = await ds.client.post(
+        "/data/-/execute-write",
+        actor={"id": "root"},
+        data={
+            "sql": "update docs set title = :sql where id = :id",
+            "_sql_param_sql": "Updated",
+            "_sql_param_id": "1",
+        },
+    )
+
+    assert response.status_code == 200
+    assert "Query executed, 1 row affected" in response.text
+    assert (await db.execute("select title from docs where id = 1")).first()[
+        0
+    ] == "Updated"
+
+
 @pytest.mark.asyncio
 @pytest.mark.parametrize(
     "input,expected_errors",

tests/test_html.py

@@ -342,7 +342,7 @@ async def test_query_parameter_form_fields(ds_client):
     response = await ds_client.get("/fixtures/-/query?sql=select+:name")
     assert response.status_code == 200
     assert (
-        '<label for="qp1">name</label> <input type="text" id="qp1" name="name" value="" data-parameter-control>'
+        '<label for="qp1">name</label> <input type="text" id="qp1" name="name" value="" data-parameter-control data-parameter-name="name">'
         in response.text
     )
     assert 'data-parameters-url="/fixtures/-/query/parameters"' in response.text
@@ -351,7 +351,7 @@ async def test_query_parameter_form_fields(ds_client):
     response2 = await ds_client.get("/fixtures/-/query?sql=select+:name&name=hello")
     assert response2.status_code == 200
     assert (
-        '<label for="qp1">name</label> <input type="text" id="qp1" name="name" value="hello" data-parameter-control>'
+        '<label for="qp1">name</label> <input type="text" id="qp1" name="name" value="hello" data-parameter-control data-parameter-name="name">'
         in response2.text
     )
 

tests/test_stored_queries.py

@@ -201,7 +201,7 @@ def test_error_in_on_success_message_sql(stored_write_client):
 def test_custom_params(stored_write_client):
     response = stored_write_client.get("/data/update_name?extra=foo")
     assert (
-        '<input type="text" id="qp3" name="extra" value="foo" data-parameter-control>'
+        '<input type="text" id="qp3" name="extra" value="foo" data-parameter-control data-parameter-name="extra">'
         in response.text
     )