Opened 5 years ago
Closed 5 years ago
#31589 closed Bug (invalid)
Raw queries do not work if any DB content column has the % symbol.
| Reported by: | jotauses | Owned by: | nobody |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | 3.0 |
| Severity: | Normal | Keywords: | raw query |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Only fails if any DB content column has the % symbol.
query_postgresql = """SELECT *, similarity(titulo, '{0}') AS similarity FROM pdc_pdc ORDER BY similarity DESC;"""
pdc = Pdc.objects.raw(query_postgresql.format(titulo_infocor))
Column "titulo" content = "This is a test 80%".
Traceback:
File "C:\Users\-----\AppData\Local\Programs\Python\Python38-32\lib\site-packages\django\db\backends\utils.py", line 86, in _execute
return self.cursor.execute(sql, params)
IndexError: tuple index out of range
Change History (1)
comment:1 by , 5 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
| Summary: | Raw queries do not work if any DB content column has the % symbol → Raw queries do not work if any DB content column has the % symbol. |
Note:
See TracTickets
for help on using tickets.
My understanding is that you passed
titulo_infocor = "This is a test 80%", this is not supported and moreover you’re at risk for SQL injection. Please check Passing parameters into raw() or use one of support channels if you have further questions.