id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34459	SearchVector() can return query strings that are unsafe to combine.	Patryk Zawadzki	Mariusz Felisiak	"As the function specifically calls {{{connection.ops.compose_sql}}}, the returned {{{sql}}} will have all parameters inlined.

An unintended consequence is that if you pass it a value that contains a percent sign, like {{{Value(""10% OFF"")}}}, the resulting {{{sql}}} will have the {{{%}}} character inlined. Such values will result in a {{{ProgrammingError}}} as soon as you attempt to combine the SearchVector with any expression that relies on {{{params}}}.

Depending on whether you use psycopg2 or psycopg 3, the resulting error will tell you that there are not enough params to format the query template or that there is an unescaped {{{%}}} in the query."	Bug	closed	contrib.postgres	4.2	Release blocker	fixed		Florian Apolloner Daniele Varrazzo Simon Charette Natalia Bidart	Accepted	1	0	0	0	0	0