Opened 2 months ago

Closed 2 months ago

#36147 closed Uncategorized (needsinfo)

django oracle backend wildcard issue

Reported by: Terence Collins Owned by:
Component: Database layer (models, ORM) Version: 5.1
Severity: Normal Keywords: oracle, db, backend, %
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

in django/db/backends/oracle/base.py, in _fix_for_params, line 542:

query %= args

will cause an error if the passed in string using an SQL wildcard, i.e. "custom_value like '%custom_value%'.
This can be avoided by escaping the "%" as "%%", but as this is an underlying function the resultant error can be hard to track down.

Change History (2)

comment:1 by Tim Graham, 2 months ago

Can you give a concrete example of how to reproduce the problem? It sounds like you're writing raw SQL and not escaping it correctly. You recognize that this is your fault but ask if Django could raise a more helpful message. (Please tell me if I misinterpreted.)

comment:2 by Sarah Boyce, 2 months ago

Resolution: needsinfo
Status: newclosed

(We can reopen when we have more details to replicate)

Note: See TracTickets for help on using tickets.
Back to Top