Opened 4 years ago

Closed 4 years ago

#31589 closed Bug (invalid)

Raw queries do not work if any DB content column has the % symbol.

Reported by: jotauses Owned by: nobody
Component: Database layer (models, ORM) Version: 3.0
Severity: Normal Keywords: raw query
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Only fails if any DB content column has the % symbol.

query_postgresql = """SELECT *, similarity(titulo, '{0}') AS similarity FROM pdc_pdc  ORDER BY similarity DESC;"""

pdc = Pdc.objects.raw(query_postgresql.format(titulo_infocor))

Column "titulo" content = "This is a test 80%".

Traceback:

  File "C:\Users\-----\AppData\Local\Programs\Python\Python38-32\lib\site-packages\django\db\backends\utils.py", line 86, in _execute
    return self.cursor.execute(sql, params)
IndexError: tuple index out of range

Change History (1)

comment:1 by Mariusz Felisiak, 4 years ago

Resolution: invalid
Status: newclosed
Summary: Raw queries do not work if any DB content column has the % symbolRaw queries do not work if any DB content column has the % symbol.

My understanding is that you passed titulo_infocor = "This is a test 80%", this is not supported and moreover you’re at risk for SQL injection. Please check Passing parameters into raw() or use one of support channels if you have further questions.

Note: See TracTickets for help on using tickets.
Back to Top