Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#2458 closed defect (fixed)

[patch] Backslashes in LIKE queries are not escaped

Reported by: tom@… Owned by: Adrian Holovaty
Component: Database layer (models, ORM) Version:
Severity: major Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Say you have a model called MyModel with a TextField called text and want to get all objects where text contains a backslash. The following query, however, doesn't return anything:

models.MyModel.objects.filter(text__conatins='\\')

This query does:

models.MyModel.objects.filter(text__conatins='\\\\')

Here is a patch that fixes the problem:

Index: django/db/models/fields/__init__.py
===================================================================
--- django/db/models/fields/__init__.py (revision 3496)
+++ django/db/models/fields/__init__.py (working copy)
@@ -20,7 +20,7 @@
 BLANK_CHOICE_NONE = [("", "None")]
 
 # prepares a value for use in a LIKE query
-prep_for_like_query = lambda x: str(x).replace("%", "\%").replace("_", "\_")
+prep_for_like_query = lambda x: str(x).replace("\\", "\\\\").replace("%", "\%").replace("_", "\_")
 
 # returns the <ul> class for a given radio_admin value
 get_ul_class = lambda x: 'radiolist%s' % ((x == HORIZONTAL) and ' inline' or '')

Change History (3)

comment:1 by anonymous, 18 years ago

Component: Admin interfaceDatabase wrapper

comment:2 by anonymous, 18 years ago

Summary: Backslashes in LIKE queries are not escaped[patch] Backslashes in LIKE queries are not escaped

comment:3 by Adrian Holovaty, 18 years ago

Resolution: fixed
Status: newclosed

(In [3552]) Fixed #2458 -- DB API now properly escapes backslashes, so you don't have to double-escape them. Thanks, tom@…

Note: See TracTickets for help on using tickets.
Back to Top