Opened 18 years ago
Last modified 14 years ago
#6343 new Bug
% symbols not escaped in db_column column names when preparing queries
| Reported by: | | Owned by: | nobody |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Using % in database column names (specified using db_column) causes the database wrapper to fail when preparing queries.
This is because the % symbol is not properly quoted (as %%), and conflicts with the usage of %s for passing parameters to queries.
I am attaching a patch for the MySQL backend where I encountered the issue; I'm not sure if other backends exhibit this bug because it presumably depends both on the database's native capability to support % characters in column names, and on the Python DB-API paramstyle.
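Added example, not part of the ticket, the attached patch, or Django's code: a minimal reproduction of the failure described above, and of why doubling `%` in the quoted identifier avoids it. `driver_execute` is a simplified stand-in (an assumption) for how a "format"-paramstyle driver builds the final statement; the helper names and the `pct%done` column are constructed for illustration.

```python
# Added illustration: not Django's code and not the patch attached to this ticket.

def quote_name(name):
    """Backtick-quote a MySQL identifier; '%' is left untouched."""
    return "`" + name.replace("`", "``") + "`"


def quote_name_for_params(name):
    """Same quoting, with '%' doubled so the name survives '%s' interpolation."""
    return quote_name(name).replace("%", "%%")


def literal(value):
    """Toy literal escaping, sufficient for this demo only."""
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + str(value).replace("\\", "\\\\").replace("'", "''") + "'"


def driver_execute(sql, params=None):
    """Simplified stand-in (assumption) for a 'format'-paramstyle driver:
    the statement is built with Python's % operator over escaped literals,
    and only when parameters are supplied."""
    if params is None:
        return sql
    return sql % tuple(literal(p) for p in params)


def build_select(quote, with_param=True, column="pct%done", table="task"):
    """Build SQL the way a query compiler would; names are constructed samples."""
    sql = "SELECT " + quote(column) + " FROM " + quote(table)
    return sql + " WHERE id = %s" if with_param else sql


def try_execute(sql, params=None):
    """Return the final statement, or the error raised while interpolating."""
    try:
        return driver_execute(sql, params)
    except (TypeError, ValueError) as exc:
        return "%s: %s" % (type(exc).__name__, exc)


if __name__ == "__main__":
    print(try_execute(build_select(quote_name), (7,)))             # fails on '%d'
    print(try_execute(build_select(quote_name_for_params), (7,)))  # binds id = 7
    # Without parameters nothing is interpolated, so the doubled '%' stays doubled.
    print(try_execute(build_select(quote_name_for_params, with_param=False)))
```

The last case shows why the escaping has to be tied to whether the statement actually goes through parameter interpolation: doubling unconditionally produces a wrong column name on the no-parameter path.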
Attachments (1)
Change History (7)
by , 18 years ago
| Attachment: | percent_column_names.diff added |
|---|
comment:1 by , 18 years ago
| Triage Stage: | Unreviewed → Design decision needed |
|---|
You can use % in db column names? I really think that's a bad bad idea to start with, but I'll put this as Design Dec. Needed just in case.
comment:2 by , 15 years ago
| Severity: | → Normal |
|---|---|
| Type: | → Bug |
Guessing from the report, I take it this is a bug, but I'm not sure if it is still a valid one though...
comment:3 by , 15 years ago
| Needs tests: | set |
|---|
comment:5 by , 15 years ago
comment:6 by , 14 years ago
| Easy pickings: | unset |
|---|---|
| Triage Stage: | Design decision needed → Accepted |
| UI/UX: | unset |
This either needs to be fixed, or if that's not technically feasible in a sane way, documented.
#11391 closed as duplicate of this, also raises the issue that this can happen with field names, not just table names. That should also be addressed.
Patch for MySQL backend