Opened 16 years ago
Closed 16 years ago
#9719 closed (invalid)
Strings which look like numbers are not quoted, MySQL
Reported by: | anonymous | Owned by: | nobody |
---|---|---|---|
Component: | Database layer (models, ORM) | Version: | 1.0 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Create a simple model with a CharField.
Create a ModelForm for that model.
The model can be created successfully and saved to the database using CharField data which looks like a number (e.g. IP address), but updating that model using the same ModelForm fails if the data already existing in the database looks like a number.
form = Config(request.POST, instance=mymodel) # A form bound to the POST data if form.is_valid(): # All validation rules pass try: form.save() # Throws blank exception
The SQL query that fails (from db.connection.queries) is:
SELECT .... FROM `service_config` WHERE (`service_config`.`customer_id` = 1 AND `service_config`.`hostname` = 192.168.1.20
The last item should be in quotes. MySQL will fail on this statement, and the Exception returned from ModelFormInstance.save() is blank (printing the exception results in a null string).
Change the data to 'X192.168.1.20' and it works as expected.
This occurs in at least 1.0.1 and 1.0.2.
Change History (2)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
I've looked into this in some more detail and it was actually caused by a custom save() method. connection.queries did throw me as an IP address was not quoted, while a string was.
Many thanks for your hints.
You are confusing a couple of things here. Not denying there's a bug (although your description seems to involve a lot of steps to repeat it). However, the output of connection.queries is not exactly what is passed to the database. The database wrapper (the bit between Django and the database) does parameter quoting. We have no way of accessing that quoting function (it's not public API), so we just print out the value without quotes. Thus, the output of connection.queries is not a reliable indicator of the bytes sent to the database.