Django

Ticket #3041 (closed: invalid)

Opened 3 years ago

Last modified 3 months ago

Bug with LIKE raw SQL in CursorDebugWrapper

Reported by: yopi
Assigned to: adrian
Milestone:
Component: Database layer (models, ORM)
Version:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: 0
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

Using an SQL statement including the % operator (in a query such as: "SELECT count(*), avg(b) FROM t1 WHERE c LIKE '%%%s%%'" % num_string)

the CursorDebugWrapper fails (/db/backends/util.py +19) with error: "not enough arguments for format string" as the operator is not properly escaped.

Turning off the DEBUG variable bypasses this debug.

Change History

01/24/07 10:23:51 changed by mir@noris.de

Can you please append the full backtrace?

06/20/07 22:39:28 changed by SmileyChris

  • status changed from new to closed.
  • resolution set to invalid.

Yes, it will fail because the string which the cursor receives is run through string substitution of any given parameters. So either quad-quote your percents or pass it in as a parameter like you should be:

cursor.execute("SELECT count(*), avg(b) FROM t1 WHERE c LIKE %s", ('%%%s%%' % num_string,))
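
An added example, not part of the ticket or of Django's code: it reproduces the error from the description with a hypothetical stand-in for the debug wrapper's string substitution (`debug_render`), then runs the parameterized form against an in-memory SQLite table. It goes one step further than the comment above by escaping LIKE wildcards in the search term; `like_contains`, `count_matches` and the sample rows are constructed for illustration, and sqlite3 uses `?` placeholders where Django's cursor uses `%s`.

```python
import sqlite3

def debug_render(sql, params=()):
    # Hypothetical stand-in for a debug wrapper that builds the logged query
    # by running the SQL text through Python string substitution.
    return sql % tuple(params)

def like_contains(term, escape="\\"):
    # Escape the escape character first, then the LIKE wildcards, so user
    # text is matched literally; then wrap it as a "contains" pattern.
    for ch in (escape, "%", "_"):
        term = term.replace(ch, escape + ch)
    return "%" + term + "%"

def count_matches(conn, term):
    # The pattern travels as a bound parameter, never as part of the SQL text.
    row = conn.execute(
        "SELECT count(*) FROM t1 WHERE c LIKE ? ESCAPE '\\'",
        (like_contains(term),),
    ).fetchone()
    return row[0]

def demo():
    term = "d7"  # constructed sample value
    # Form from the description: the pattern is interpolated into the SQL
    # text, leaving a bare "%d" for the second substitution to trip over.
    inlined = "SELECT count(*) FROM t1 WHERE c LIKE '%%%s%%'" % term
    try:
        debug_render(inlined)
        inlined_error = None
    except TypeError as exc:
        inlined_error = str(exc)
    # Parameterized form: the SQL text holds only the placeholder.
    rendered = debug_render(
        "SELECT count(*) FROM t1 WHERE c LIKE %s", (like_contains(term),)
    )
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t1 (b INTEGER, c TEXT)")
    conn.executemany(
        "INSERT INTO t1 VALUES (?, ?)",
        [(1, "xd7y"), (2, "100%"), (3, "1000")],  # constructed rows
    )
    return inlined_error, rendered, count_matches(conn, "d7"), count_matches(conn, "0%")

if __name__ == "__main__":
    print(demo())
```

Searching for "0%" matches only the row containing a literal percent sign; without the escaping step the trailing `%` would act as a wildcard and the row "1000" would match as well.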

09/12/08 07:19:12 changed by guettli

  • cc set to hv@tbz-pariv.de.

Reopened as #9055

12/23/09 03:53:46 changed by guettli

  • cc deleted.
