% symbols not escaped in db_column column names when preparing queries
|Reported by:||Owned by:||nobody|
|Component:||Database layer (models, ORM)||Version:||master|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||yes||Patch needs improvement:||no|
% in database column names (specified using
db_column) causes the database wrapper to fail when preparing queries.
This is because the
% symbol is not properly quoted (as
%%), and conflicts with the usage of
%s for passing parameters to queries.
I am attaching a patch for the MySQL backend where I encountered the issue; I'm not sure if other backends exhibit this bug because it presumably depends both on whether the database's native capability to support
% characters in column names, and on the Python DB-API