Opened 11 years ago

Closed 11 years ago

#5651 closed (worksforme)

Single quotes get escaped twice when creating admin log

Reported by: anonymous
Owned by: nobody
Component: Database layer (models, ORM)
Version: 0.96
Severity:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


I'm using Django 0.96, Python 2.4.4, MySQL 5.0.32 (all from Debian Etch).

Some field descriptions in contain apostrophes, or single quotes ('). They are correctly escaped in the file and displayed perfectly in the admin.
Later, though, when I save a new or modified record, and Django tries to add the admin log entry into the django_admin_log database, I get execution stopped with a MySQL warning: "Incorrect string value". Digging a bit into the problem, I found that this is a query escaping problem.

It happens in the BaseCursor.execute() method. It gets called with a query variable that's like

'INSERT INTO `table` (`field1`,`field2`) VALUES (%s,%s)'

and the args are

['value1',"i'm another value"]

then come these two lines:

query = query.encode(charset)
query = query % db.literal(args)

And now the query looks like

"INSERT INTO `table` (`field1`,`field2`) VALUES ('value1','i\\'m another value')"

Of course MySQL goes on until the escaped backslash, then there's a single quote and the value string ends... what is m another value' ?

So... something escapes that single quote twice instead of once.

Change History (2)

comment:1 Changed 11 years ago by anonymous

This happens also for double quotes.

However, I'm now almost convinced that it's a bug in the MySQLdb Python package, rather than in Django. So, if a site admin can confirm, please close this.

comment:2 Changed 11 years ago by Jacob

Resolution: worksforme
Status: new → closed

Yeah, Django relies on the backend to correctly interpolate values; if MySQLdb is doing it wrong, that's a problem that needs to be fixed upstream. However, I'm 99% sure that this is an old version of MySQLdb since I can't reproduce this with my current version at all.
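
To separate a genuinely doubled backslash from one that only looks doubled in a Python repr(), the added example below (not code from the ticket, Django or MySQLdb) escapes the ticket's sample value and parses the result back under MySQL's default backslash-escape rules. `escape`, `quote` and `roundtrip` are hypothetical helpers that model only a subset of those rules.

```python
# Added illustration: simplified stand-ins, not MySQLdb's or Django's code.
# Models a subset of MySQL's backslash escapes (NO_BACKSLASH_ESCAPES not set);
# the LIKE-specific \% and \_ sequences are not modelled.
_ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0", "\n": "\\n", "\r": "\\r"}
_UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "b": "\b", "t": "\t", "Z": "\x1a"}


def escape(value):
    """Backslash-escape a string for use inside a quoted MySQL literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def quote(value):
    """Escape exactly once and wrap in single quotes."""
    return "'" + escape(value) + "'"


def roundtrip(literal):
    """Parse a single-quoted literal the way the server's lexer would.

    Returns (decoded value, text left over after the closing quote).
    """
    if not literal.startswith("'"):
        raise ValueError("not a single-quoted literal")
    out, i = [], 1
    while i < len(literal):
        ch = literal[i]
        if ch == "\\" and i + 1 < len(literal):          # backslash escape pair
            out.append(_UNESCAPES.get(literal[i + 1], literal[i + 1]))
            i += 2
        elif ch == "'" and literal[i + 1:i + 2] == "'":  # '' is an escaped quote
            out.append("'")
            i += 2
        elif ch == "'":                                  # closing quote
            return "".join(out), literal[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


if __name__ == "__main__":
    value = "i'm another value"                # sample value taken from the ticket
    once = quote(value)
    print(repr(once), "->", roundtrip(once))   # repr() shows \\ for ONE backslash
    doubled = r"'i\\'m another value'"         # two real backslashes before the quote
    print(doubled, "->", roundtrip(doubled))   # literal ends early, text is left over
    twice = "'" + escape(escape(value)) + "'"  # escaping really applied twice
    print(twice, "->", roundtrip(twice))       # parses, but stores a stray backslash
```

Printing the query with `print(query)` rather than inspecting its repr() shows which of the three cases a given string actually is.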
