Single quotes get escaped twice when creating admin log
|Reported by:||anonymous||Owned by:||nobody|
|Component:||Database layer (models, ORM)||Version:||0.96|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I'm using Django 0.96, Python 2.4.4, MySql 5.0.32 (all from Debian Etch).
Some field descriptions in models.py contain apostropes, or single quotes ('). They are correctly escaped in the file and displayed perfectly in the admin.
Later, though, when I save a new or modified record, and Django tries to add the admin log entry into the django_admin_log database, I get execution stopped with a MySql warning: "Incorrect string value". Digging a bit into the problem, I found that this is a query escaping problem.
It happens in the BaseCursor.execute() method. It gets called with a query variable that's like
'INSERT INTO `table` (`field1`,`field2`) VALUES (%s,%s)'
and the args are
['value1',"i'm another value"]
then come these two lines:
query = query.encode(charset) query = query % db.literal(args)
And now the query looks like
"INSERT INTO `table` (`field1`,`field2`) VALUES ('value1','i\\'m another value')"
Of course MySql goes on until the escaped backslash, then there's a single quote and the value string ends... what is m another value' ?
So... something escapes that single quote twice instead of once.