Opened 3 years ago

Last modified 2 years ago

#24803 new Bug

Collected SQL does not respect empty strings as params when formatting result sql

Reported by: Andriy Sokolovskiy Owned by: nobody
Component: Database layer (models, ORM) Version: master
Severity: Normal Keywords:
Cc: Joseph Gordon Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

See https://code.djangoproject.com/ticket/23405#comment:27

When collecting sql (https://github.com/django/django/blob/master/django/db/backends/base/schema.py#L105), if param is an empty string (''), it is formatting in the wrong way, so in the result sql there will be nothing (should be '').

Change History (7)

comment:2 Changed 3 years ago by Israel Saeta Pérez

@coldmind, I've found the following:

    >>> MySQLdb.escape('', MySQLdb.converters.conversions)
    "''"

   >>> MySQLdb.escape(u'', MySQLdb.converters.conversions)
    ''

And the default parameter for blank=True CharFields is an unicode string (checked that with pdb, Django 1.7). So is MySQLdb escaping unicode strings incorrectly, or should the default parameter be a bytestring instead?

comment:3 Changed 3 years ago by Andriy Sokolovskiy

@dukebody, I saw this code, it is not using quote_value when generating sql (put pdb break here and you will see).
The problem line is in my first comment (when chaning %s to %r it works, but I'm not sure that it is the right way to resolve problem.)

comment:4 Changed 3 years ago by Andriy Sokolovskiy

Summary: Collected SQL does not respect empty strings as params when formatting result sqlCollected SQL does not respect empty strings as params when formatting result sql on MySQL

comment:5 Changed 3 years ago by Israel Saeta Pérez

Summary: Collected SQL does not respect empty strings as params when formatting result sql on MySQLCollected SQL does not respect empty strings as params when formatting result sql

@coldmind, I have this issue with MySQL and the MySQL engine doesn't have features.requires_literal_defaults=True, so that code doesn't get executed. Tested placing a pdb there.

Apparently MySQLdb quotes bytestrings when escaping, but not unicode strings: http://sourceforge.net/p/mysql-python/mysqldb-2/ci/7773efbe9b3012da2827b0284c43267cc9a4ecbd/tree/MySQLdb/converters.py

def unicode_to_sql(value, conv):
    """Convert a unicode object to a string using the default encoding.
    This is only used as a placeholder for the real function, which
    is connection-dependent."""
    assert isinstance(value, unicode)
    return value.encode()

Could the placeholder comment mean that some connection parameters should convert the unicode string to a bytestring and then quote it?

comment:6 Changed 3 years ago by Tim Graham

Triage Stage: UnreviewedAccepted

comment:7 Changed 2 years ago by Joseph Gordon

Cc: Joseph Gordon added
Note: See TracTickets for help on using tickets.
Back to Top