Opened 19 years ago
Last modified 18 years ago
#305 closed defect
sql code was not white space safe? — at Initial Version
Reported by: | | Owned by: | Adrian Holovaty
---|---|---|---
Component: | Database layer (models, ORM) | Version: | 1.0
Severity: | normal | Keywords: | quoting strings for 'get_object(<field>__exact = ...)'
Cc: | | Triage Stage: | Unreviewed
Has patch: | no | Needs documentation: | no
Needs tests: | no | Patch needs improvement: | no
Easy pickings: | no | UI/UX: | no
Description
Using the postgresql backend, I have a model "albums" which only has two fields. The important field is:

```python
meta.CharField('name', maxlength = 512)
```

So I create the model fine. Now in Python code I do the following:

```python
album = albums.get_object(name__exact = album_name)
```
Where album was the string "Dungeon Keeper 2"
This died with the error:
```text
File "/usr/local/lib/python2.4/site-packages/django/utils/functional.py", line 3, in _curried
    return args[0](*(args[1:]+moreargs), **dict(kwargs.items() + morekwargs.items()))
File "/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py", line 1013, in function_get_object
    obj_list = function_get_list(opts, klass, kwargs)
File "/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py", line 1053, in function_get_list
    return list(function_get_iterator(opts, klass, kwargs))
File "/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py", line 1036, in function_get_iterator
    cursor.execute("SELECT " + (kwargs.get('distinct') and "DISTINCT " or "") + ",".join(select) + sql, params)
File "/usr/local/lib/python2.4/site-packages/django/core/db/base.py", line 10, in execute
    result = self.cursor.execute(sql, params)
psycopg.ProgrammingError: ERROR: syntax error at or near "Keeper" at character 123
SELECT music_albums.id,music_albums.name,music_albums.simplified_name FROM music_albums WHERE music_albums.name = Dungeon Keeper 2
```
Now if I modified my call to be:
```python
album = albums.get_object(name__exact = "'%s'" % album_name)
```

it works (note the `'%s'`, which quotes the string). I would have thought it would do SQL-safe quoting of my strings for me?
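The three ways of handling the value from this ticket, side by side, as an added example that is not part of the ticket or of Django's own code. It uses Python's built-in sqlite3 module instead of the reporter's psycopg/PostgreSQL setup, with a constructed `music_albums` table; the function names `lookup_unquoted`, `lookup_hand_quoted`, `lookup_parameterized` and `run_case` are this example's own. It reproduces the syntax error from the traceback (value spliced in bare), shows that the reporter's workaround of wrapping the value in single quotes by hand still breaks as soon as the value itself contains an apostrophe, and shows that passing the value as a bound parameter, which is what the ORM is expected to do for the caller, handles both inputs correctly.

```python
import sqlite3

# Constructed sample rows standing in for the ticket's music_albums table.
ALBUMS = [(1, "Dungeon Keeper 2"), (2, "Rock 'n' Roll Hits")]


def make_db():
    """Create an in-memory database with the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE music_albums (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO music_albums VALUES (?, ?)", ALBUMS)
    return conn


def lookup_unquoted(conn, album_name):
    # Mirrors the SQL shown in the traceback: the value is pasted into the
    # statement bare, so the engine reads "Dungeon Keeper 2" as three tokens
    # and fails with a syntax error at "Keeper".
    sql = "SELECT id, name FROM music_albums WHERE name = %s" % album_name
    return conn.execute(sql).fetchall()


def lookup_hand_quoted(conn, album_name):
    # The reporter's workaround: wrap the value in single quotes by hand.
    # An apostrophe inside the value terminates the literal early, so the
    # statement's structure now depends on the input rather than on the code.
    sql = "SELECT id, name FROM music_albums WHERE name = '%s'" % album_name
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, album_name):
    # The correct approach: the value travels as a bound parameter and is
    # never spliced into the SQL text, so spaces and quotes in it are inert.
    sql = "SELECT id, name FROM music_albums WHERE name = ?"
    return conn.execute(sql, (album_name,)).fetchall()


def run_case(fn, album_name):
    """Run one lookup strategy; return ('ok', rows) or ('error', message)."""
    conn = make_db()
    try:
        return ("ok", fn(conn, album_name))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    for name in ("Dungeon Keeper 2", "Rock 'n' Roll Hits"):
        for fn in (lookup_unquoted, lookup_hand_quoted, lookup_parameterized):
            print(fn.__name__, repr(name), run_case(fn, name))
```

The bare and hand-quoted variants both report `error` for at least one of the two names, while the parameterized lookup returns the matching row for both; that difference, not the quoting itself, is the reason the database layer rather than the caller has to own the quoting.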