id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23426	migrations.RunSQL's function signature implies it won't do any parameter substitution	ris	nobody	"Bit of an odd one here, and probably comes down to a matter of opinion.

migrations.RunSQL not taking any params= argument seems to imply that it doesn't do any parameter substitution on the supplied SQL, which would mean that ""%""s can be used freely in the SQL.

This of course isn't the case and doing 

{{{
    migrations.RunSQL(""UPDATE city_table SET description = 'silly' WHERE name ILIKE '%camelot%'"")
}}}

will screw up because psycopg2 will be confused about the ""%""s.

Either RunSQL should accept params= and this should be documented or RunSQL should attempt to nullify this by doing something like .replace ( ""%"" , ""%%"" ) to the SQL string."	Bug	new	Migrations	1.7	Normal		migrations sql runsql params escape		Unreviewed	0	0	0	0	0	0