#2458 closed defect (fixed)
[patch] Backslashes in LIKE queries are not escaped
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Database layer (models, ORM) | Version: | |
Severity: | major | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Say you have a model called MyModel with a TextField called text and want to get all objects where text contains a backslash. The following query, however, doesn't return anything:
models.MyModel.objects.filter(text__conatins='\\')
This query does:
models.MyModel.objects.filter(text__conatins='\\\\')
Here is a patch that fixes the problem:
Index: django/db/models/fields/__init__.py =================================================================== --- django/db/models/fields/__init__.py (revision 3496) +++ django/db/models/fields/__init__.py (working copy) @@ -20,7 +20,7 @@ BLANK_CHOICE_NONE = [("", "None")] # prepares a value for use in a LIKE query -prep_for_like_query = lambda x: str(x).replace("%", "\%").replace("_", "\_") +prep_for_like_query = lambda x: str(x).replace("\\", "\\\\").replace("%", "\%").replace("_", "\_") # returns the <ul> class for a given radio_admin value get_ul_class = lambda x: 'radiolist%s' % ((x == HORIZONTAL) and ' inline' or '')
Change History (3)
comment:1 by , 18 years ago
Component: | Admin interface → Database wrapper |
---|
comment:2 by , 18 years ago
Summary: | Backslashes in LIKE queries are not escaped → [patch] Backslashes in LIKE queries are not escaped |
---|
comment:3 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
(In [3552]) Fixed #2458 -- DB API now properly escapes backslashes, so you don't have to double-escape them. Thanks, tom@…