Opened 8 years ago

Closed 7 years ago

#5651 closed (worksforme)

Single quotes get escaped twice when creating admin log

Reported by: anonymous Owned by: nobody
Component: Database layer (models, ORM) Version: 0.96
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I'm using Django 0.96, Python 2.4.4, MySql 5.0.32 (all from Debian Etch).

Some field descriptions in models.py contain apostropes, or single quotes ('). They are correctly escaped in the file and displayed perfectly in the admin.
Later, though, when I save a new or modified record, and Django tries to add the admin log entry into the django_admin_log database, I get execution stopped with a MySql warning: "Incorrect string value". Digging a bit into the problem, I found that this is a query escaping problem.

It happens in the BaseCursor.execute() method. It gets called with a query variable that's like

'INSERT INTO `table` (`field1`,`field2`) VALUES (%s,%s)'

and the args are

['value1',"i'm another value"]

then come these two lines:

query = query.encode(charset)
query = query % db.literal(args)

And now the query looks like

"INSERT INTO `table` (`field1`,`field2`) VALUES ('value1','i\\'m another value')"

Of course MySql goes on until the escaped backslash, then there's a single quote and the value string ends... what is m another value' ?

So... something escapes that single quote twice instead of once.

Change History (2)

comment:1 Changed 8 years ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

This happens also for double quotes.

However, I'm now almost convinced that it's a bug in the MySQLdb Python package, rather than in Django. So, if a site admin can confirm, please close this.

comment:2 Changed 7 years ago by jacob

  • Resolution set to worksforme
  • Status changed from new to closed

Yeah, Django relies on the backend to correctly interpolate values; if MySQLdb is doing it wrong, that's a problem that needs to be fixed upstream. However, I'm 99% sure that this is an old version of MySQLdb since I can't reproduce this with my current version at all.

Note: See TracTickets for help on using tickets.
Back to Top