#23426: migrations.RunSQL's function signature implies it won't do any parameter
substitution
-------------------------+-------------------------------------------------
Reporter: ris | Owner: nobody
Type: Bug | Status: new
Component: | Version: 1.7
Migrations | Keywords: migrations sql runsql params escape
Severity: Normal | Has patch: 0
Triage Stage: | UI/UX: 0
Unreviewed |
Easy pickings: 0 |
-------------------------+-------------------------------------------------
Bit of an odd one here, and probably comes down to a matter of opinion.
migrations.RunSQL not taking any params= argument seems to imply that it
doesn't do any parameter substitution on the supplied SQL, which would
mean that "%"s can be used freely in the SQL.
This of course isn't the case and doing
{{{
migrations.RunSQL("UPDATE city_table SET description = 'silly' WHERE
name ILIKE '%camelot%'")
}}}
will screw up because psycopg2 will be confused about the "%"s.
Either RunSQL should accept params= and this should be documented or
RunSQL should attempt to nullify this by doing something like .replace (
"%" , "%%" ) to the SQL string.
--
Ticket URL: <https://code.djangoproject.com/ticket/23426>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/046.6b72d0062169c11fa072665be0ce7763%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
