#2945 closed defect (duplicate)
DB Api - non-numeric __getitem__ parameter being inserted into LIMIT clause
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Database layer (models, ORM) | Version: | dev |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
This seems to happen once, refreshing the view and its gone. It's throwing "count" where the limit (of some sorts) should be.
The query its executing is:
'SELECT files_version
.id
,files_version
.file_id
,files_version
.md5
,files_version
.name
,files_version
.post_date
,files_version
.archive
,files_version
.change_log
,files_version
.author_id
,files_version
.downloads
,files_version
.type_id
FROM files_version
WHERE (files_version
.file_id
= %s) ORDER BY files_version
.post_date
DESC LIMIT count,1'
Traceback (most recent call last): File "/usr/lib/python2.4/site-packages/django/core/handlers/base.py" in get_response 74. response = callback(request, *callback_args, **callback_kwargs) File "/home/www/cursedjango/cursesite/../cursesite/files/views.py" in detail 272. return render_to_response('files/detail.html', context_instance=context) File "/usr/lib/python2.4/site-packages/django/shortcuts/__init__.py" in render_to_response 10. return HttpResponse(loader.render_to_string(*args, **kwargs)) File "/usr/lib/python2.4/site-packages/django/template/loader.py" in render_to_string 104. return t.render(context_instance) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 155. return self.nodelist.render(context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 688. bits.append(self.render_node(node, context)) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node 701. return(node.render(context)) File "/usr/lib/python2.4/site-packages/django/template/loader_tags.py" in render 82. return compiled_parent.render(context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 155. return self.nodelist.render(context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 688. bits.append(self.render_node(node, context)) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node 701. return(node.render(context)) File "/usr/lib/python2.4/site-packages/django/template/loader_tags.py" in render 23. result = self.nodelist.render(context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 688. bits.append(self.render_node(node, context)) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node 701. return(node.render(context)) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render 746. output = self.filter_expression.resolve(context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in resolve 548. obj = resolve_variable(self.var, context) File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in resolve_variable 634. current = current[bits[0]] File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in __getitem__ 144. return list(self._clone(_offset=k, _limit=1))[0] File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in __iter__ 103. return iter(self._get_data()) File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in _get_data 430. self._result_cache = list(self.iterator()) File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in iterator 172. cursor.execute("SELECT " + (self._distinct and "DISTINCT " or "") + ",".join(select) + sql, params) File "/usr/lib/python2.4/site-packages/django/db/backends/util.py" in execute 12. return self.cursor.execute(sql, params) File "/usr/lib/python2.4/site-packages/django/db/backends/mysql/base.py" in execute 35. return self.cursor.execute(sql, params) File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py" in execute 137. self.errorhandler(self, exc, value) File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py" in defaulterrorhandler 33. raise errorclass, errorvalue ProgrammingError at /en/files/details/4647/blackuweather-fishing/ (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'count,1' at line 1")
Change History (8)
comment:1 by , 18 years ago
Component: | Admin interface → Database wrapper |
---|---|
priority: | highest → normal |
Severity: | critical → normal |
comment:2 by , 18 years ago
comment:3 by , 18 years ago
Didn't think it had anything to do with my view so I didn't post the code, here it is:
def detail(request, file_id):
file = cache.get('file_%s' % file_id)
if not file:
file = get_object_or_404(File, visible=True, pk=file_id)
cache.set('file_%d' % (file.id), file, 60*600)
file_data = cache.get('file_data_%s_%s' % (request.LANGUAGE_CODE, file_id))
if not file_data:
file_data = Data.objects.get(file=file_id, lang=request.LANGUAGE_CODE)
cache.set('file_data_%s_%s' % (request.LANGUAGE_CODE, file_id), file_data, 60*600)
version_list = cache.get('version_list_%s' % file_id)
if not version_list:
version_list = Version.objects.filter(file=file_id).order_by('-post_date')[0:5]
cache.set('version_list_%s' % file_id, version_list, 60*600)
OBJECT = {'app': 'files', 'view': 'file', 'id': file_id}
extra_context = {'file': file, 'version_list': version_list, 'file_data': file_data, 'OBJECT': OBJECT}
context = template.RequestContext(request)
context.update(extra_context)
return render_to_response('files/detail.html', context_instance=context)
comment:4 by , 18 years ago
Summary: | DB Api - "count" being inserted → DB Api - non-numeric __getitem__ parameter being inserted into LIMIT clause |
---|
A coworker just ran into this same problem, and it appears that QuerySet.getitem is not checking that its parameter is an integer (or at least a numeric string).
We had a template that had had {% for item in dates.items %} where dates had once been a dict but was now a QuerySet, and this triggered the error. It should be quite easy to replicate/track down.
comment:5 by , 18 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
I'm marking this as worksforme, as I've had a good play with things here and can't seem to replicate it. Regardless of what I throw at getitem, it keeps raising a TypeError ("slice indices must be integers").
@adurdin - can you provide more information on what your coworker did?
comment:6 by , 18 years ago
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
(reopening because this is a real bug, but going to close again as a dupe of #2351, because the discussion seems to be happening over there)
comment:7 by , 18 years ago
Resolution: | → duplicate |
---|---|
Status: | reopened → closed |
comment:8 by , 18 years ago
Description: | modified (diff) |
---|
Reformatting the traceback to make it easier to read...
Could you post the code in your app that's triggering this? Without knowing what calls you were making to the Django DB API functions, it's next to impossible to figure out where this is coming from...