Opened 9 years ago

Closed 9 years ago

#9719 closed (invalid)

Strings which look like numbers are not quoted, MySQL

Reported by: anonymous Owned by: nobody
Component: Database layer (models, ORM) Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Create a simple model with a CharField.
Create a ModelForm for that model.

The model can be created successfully and saved to the database using CharField data which looks like a number (e.g. IP address), but updating that model using the same ModelForm fails if the data already existing in the database looks like a number.

        form = Config(request.POST, instance=mymodel) # A form bound to the POST data
        if form.is_valid(): # All validation rules pass
        # Throws blank exception

The SQL query that fails (from db.connection.queries) is:

SELECT .... FROM `service_config` WHERE (`service_config`.`customer_id` = 1  AND `service_config`.`hostname` =

The last item should be in quotes. MySQL will fail on this statement, and the Exception returned from is blank (printing the exception results in a null string).

Change the data to 'X192.168.1.20' and it works as expected.

This occurs in at least 1.0.1 and 1.0.2.

Change History (2)

comment:1 Changed 9 years ago by Malcolm Tredinnick

You are confusing a couple of things here. Not denying there's a bug (although your description seems to involve a lot of steps to repeat it). However, the output of connection.queries is not exactly what is passed to the database. The database wrapper (the bit between Django and the database) does parameter quoting. We have no way of accessing that quoting function (it's not public API), so we just print out the value without quotes. Thus, the output of connection.queries is not a reliable indicator of the bytes sent to the database.

comment:2 Changed 9 years ago by anonymous

Resolution: invalid
Status: newclosed

I've looked into this in some more detail and it was actually caused by a custom save() method. connection.queries did throw me as an IP address was not quoted, while a string was.

Many thanks for your hints.

Note: See TracTickets for help on using tickets.
Back to Top