#2458 closed defect (fixed)
[patch] Backslashes in LIKE queries are not escaped
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | |
| Severity: | major | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Say you have a model called MyModel with a TextField called text and want to get all objects where text contains a backslash. The following query, however, doesn't return anything:
models.MyModel.objects.filter(text__conatins='\\')
This query does:
models.MyModel.objects.filter(text__conatins='\\\\')
Here is a patch that fixes the problem:
Index: django/db/models/fields/__init__.py
===================================================================
--- django/db/models/fields/__init__.py (revision 3496)
+++ django/db/models/fields/__init__.py (working copy)
@@ -20,7 +20,7 @@
BLANK_CHOICE_NONE = [("", "None")]
# prepares a value for use in a LIKE query
-prep_for_like_query = lambda x: str(x).replace("%", "\%").replace("_", "\_")
+prep_for_like_query = lambda x: str(x).replace("\\", "\\\\").replace("%", "\%").replace("_", "\_")
# returns the <ul> class for a given radio_admin value
get_ul_class = lambda x: 'radiolist%s' % ((x == HORIZONTAL) and ' inline' or '')
Change History (3)
comment:1 by , 18 years ago
| Component: | Admin interface → Database wrapper |
|---|
comment:2 by , 18 years ago
| Summary: | Backslashes in LIKE queries are not escaped → [patch] Backslashes in LIKE queries are not escaped |
|---|
comment:3 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
(In [3552]) Fixed #2458 -- DB API now properly escapes backslashes, so you don't have to double-escape them. Thanks, tom@…