#2945 closed defect (duplicate)
DB Api - non-numeric __getitem__ parameter being inserted into LIMIT clause
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | dev |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
This seems to happen once, refreshing the view and its gone. It's throwing "count" where the limit (of some sorts) should be.
The query its executing is:
'SELECT files_version.id,files_version.file_id,files_version.md5,files_version.name,files_version.post_date,files_version.archive,files_version.change_log,files_version.author_id,files_version.downloads,files_version.type_id FROM files_version WHERE (files_version.file_id = %s) ORDER BY files_version.post_date DESC LIMIT count,1'
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/django/core/handlers/base.py" in get_response
74. response = callback(request, *callback_args, **callback_kwargs)
File "/home/www/cursedjango/cursesite/../cursesite/files/views.py" in detail
272. return render_to_response('files/detail.html', context_instance=context)
File "/usr/lib/python2.4/site-packages/django/shortcuts/__init__.py" in render_to_response
10. return HttpResponse(loader.render_to_string(*args, **kwargs))
File "/usr/lib/python2.4/site-packages/django/template/loader.py" in render_to_string
104. return t.render(context_instance)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
155. return self.nodelist.render(context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
688. bits.append(self.render_node(node, context))
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node
701. return(node.render(context))
File "/usr/lib/python2.4/site-packages/django/template/loader_tags.py" in render
82. return compiled_parent.render(context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
155. return self.nodelist.render(context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
688. bits.append(self.render_node(node, context))
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node
701. return(node.render(context))
File "/usr/lib/python2.4/site-packages/django/template/loader_tags.py" in render
23. result = self.nodelist.render(context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
688. bits.append(self.render_node(node, context))
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render_node
701. return(node.render(context))
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in render
746. output = self.filter_expression.resolve(context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in resolve
548. obj = resolve_variable(self.var, context)
File "/usr/lib/python2.4/site-packages/django/template/__init__.py" in resolve_variable
634. current = current[bits[0]]
File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in __getitem__
144. return list(self._clone(_offset=k, _limit=1))[0]
File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in __iter__
103. return iter(self._get_data())
File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in _get_data
430. self._result_cache = list(self.iterator())
File "/usr/lib/python2.4/site-packages/django/db/models/query.py" in iterator
172. cursor.execute("SELECT " + (self._distinct and "DISTINCT " or "") + ",".join(select) + sql, params)
File "/usr/lib/python2.4/site-packages/django/db/backends/util.py" in execute
12. return self.cursor.execute(sql, params)
File "/usr/lib/python2.4/site-packages/django/db/backends/mysql/base.py" in execute
35. return self.cursor.execute(sql, params)
File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py" in execute
137. self.errorhandler(self, exc, value)
File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py" in defaulterrorhandler
33. raise errorclass, errorvalue
ProgrammingError at /en/files/details/4647/blackuweather-fishing/
(1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'count,1' at line 1")
Change History (8)
comment:1 by , 18 years ago
| Component: | Admin interface → Database wrapper |
|---|---|
| priority: | highest → normal |
| Severity: | critical → normal |
comment:2 by , 18 years ago
comment:3 by , 18 years ago
Didn't think it had anything to do with my view so I didn't post the code, here it is:
def detail(request, file_id):
file = cache.get('file_%s' % file_id)
if not file:
file = get_object_or_404(File, visible=True, pk=file_id)
cache.set('file_%d' % (file.id), file, 60*600)
file_data = cache.get('file_data_%s_%s' % (request.LANGUAGE_CODE, file_id))
if not file_data:
file_data = Data.objects.get(file=file_id, lang=request.LANGUAGE_CODE)
cache.set('file_data_%s_%s' % (request.LANGUAGE_CODE, file_id), file_data, 60*600)
version_list = cache.get('version_list_%s' % file_id)
if not version_list:
version_list = Version.objects.filter(file=file_id).order_by('-post_date')[0:5]
cache.set('version_list_%s' % file_id, version_list, 60*600)
OBJECT = {'app': 'files', 'view': 'file', 'id': file_id}
extra_context = {'file': file, 'version_list': version_list, 'file_data': file_data, 'OBJECT': OBJECT}
context = template.RequestContext(request)
context.update(extra_context)
return render_to_response('files/detail.html', context_instance=context)
comment:4 by , 18 years ago
| Summary: | DB Api - "count" being inserted → DB Api - non-numeric __getitem__ parameter being inserted into LIMIT clause |
|---|
A coworker just ran into this same problem, and it appears that QuerySet.getitem is not checking that its parameter is an integer (or at least a numeric string).
We had a template that had had {% for item in dates.items %} where dates had once been a dict but was now a QuerySet, and this triggered the error. It should be quite easy to replicate/track down.
comment:5 by , 18 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
I'm marking this as worksforme, as I've had a good play with things here and can't seem to replicate it. Regardless of what I throw at getitem, it keeps raising a TypeError ("slice indices must be integers").
@adurdin - can you provide more information on what your coworker did?
comment:6 by , 18 years ago
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
(reopening because this is a real bug, but going to close again as a dupe of #2351, because the discussion seems to be happening over there)
comment:7 by , 18 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | reopened → closed |
comment:8 by , 18 years ago
| Description: | modified (diff) |
|---|
Reformatting the traceback to make it easier to read...
Could you post the code in your app that's triggering this? Without knowing what calls you were making to the Django DB API functions, it's next to impossible to figure out where this is coming from...