#23426: migrations.RunSQL's function signature implies it won't do any parameter substitution -------------------------+------------------------------------------------- Reporter: ris | Owner: nobody Type: Bug | Status: new Component: | Version: 1.7 Migrations | Keywords: migrations sql runsql params escape Severity: Normal | Has patch: 0 Triage Stage: | UI/UX: 0 Unreviewed | Easy pickings: 0 | -------------------------+------------------------------------------------- Bit of an odd one here, and probably comes down to a matter of opinion.
migrations.RunSQL not taking any params= argument seems to imply that it doesn't do any parameter substitution on the supplied SQL, which would mean that "%"s can be used freely in the SQL. This of course isn't the case and doing {{{ migrations.RunSQL("UPDATE city_table SET description = 'silly' WHERE name ILIKE '%camelot%'") }}} will screw up because psycopg2 will be confused about the "%"s. Either RunSQL should accept params= and this should be documented or RunSQL should attempt to nullify this by doing something like .replace ( "%" , "%%" ) to the SQL string. -- Ticket URL: <https://code.djangoproject.com/ticket/23426> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/046.6b72d0062169c11fa072665be0ce7763%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.