SQLite3 executemany() exception handling is too broad
In SQLiteCursorWrapper.executemany() (http://code.djangoproject.com/browser/django/trunk/django/db/backends/sqlite3/base.py#L191)
convert_query (line 199) is called, but if you have an extra (accidental) %s in your query the
replacement of '%s' by ? will raise an exception (TypeError: not enough arguments for format string) which is then
caught and ignored by except(IndexError,TypeError) at line 195.
None will be returned and whoever is calling executemany will be left wondering why nothing happened. This bug basically causes bad input to be ignored instead of raising an exception.
Attachments
(1)
- 12612_patch.diff
(2.4 KB
) - added by Gabriel Hurley 15 years ago.
- Removes error suppression from sqlite executemany parameter handling and adds tests.
Download all attachments as:
.zip
Change History
(7)
| Summary: |
SQLite3 executemany() method catches too much exceptions → SQLite3 executemany() exception handling is too broad
|
| milestone: |
→ 1.2
|
| Triage Stage: |
Unreviewed → Accepted
|
| Has patch: |
set
|
| Owner: |
changed from nobody to Gabriel Hurley
|
| Status: |
new → assigned
|
| Resolution: |
→ fixed
|
| Status: |
assigned → closed
|
This was introduced in @6218 as the solution to #4765. I agree with Niels that the solution in that patch (suppressing an error regarding a malformed query and returning None) is not the right direction.
I can't find any discussion of why that decision was made, and there are no tests for executemany() anywhere that I see.
I'm adding a patch which lets the error bubble up and adds tests to check for the behaviors noted in this ticket and #4896.