id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
305,SQL code was not whitespace-safe?,scanner@…,Adrian Holovaty,"Using the PostgreSQL backend I have a model which has ""albums"" which only has two fields. The important field is:
{{{
meta.CharField('name', maxlength = 512)
}}}
so I create the model fun. Now in Python code I do the following:
{{{
album = albums.get_object(name__exact = album_name)
}}}
Where album was the string ""Dungeon Keeper 2"".
This died with the error:
{{{
  File ""/usr/local/lib/python2.4/site-packages/django/utils/functional.py"", line 3, in _curried
    return args[0](*(args[1:]+moreargs), **dict(kwargs.items() + morekwargs.items()))
  File ""/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py"", line 1013, in function_get_object
    obj_list = function_get_list(opts, klass, **kwargs)
  File ""/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py"", line 1053, in function_get_list
    return list(function_get_iterator(opts, klass, **kwargs))
  File ""/usr/local/lib/python2.4/site-packages/django/core/meta/__init__.py"", line 1036, in function_get_iterator
    cursor.execute(""SELECT "" + (kwargs.get('distinct') and ""DISTINCT "" or """") + "","".join(select) + sql, params)
  File ""/usr/local/lib/python2.4/site-packages/django/core/db/base.py"", line 10, in execute
    result = self.cursor.execute(sql, params)
psycopg.ProgrammingError: ERROR: syntax error at or near ""Keeper"" at character 123
SELECT music_albums.id,music_albums.name,music_albums.simplified_name FROM music_albums WHERE music_albums.name = Dungeon Keeper 2
}}}
Now if I modified my call to be:
{{{
album = albums.get_object(name__exact = ""'%s'"" % album_name)
}}}
it works. (Note the {{{""'%s'""}}}, thus quoting the string.) I would have thought it would do SQL-safe quoting of my strings for me?
",defect,closed,"Database layer (models, ORM)",1.0,normal,invalid,quoting strings for 'get_object(__exact = ...)',,Unreviewed,0,0,0,0,0,0