#35625: ProgrammingError with Postgres backend when setting db_default and constraint using the LIKE operator -------------------------------------+------------------------------------- Reporter: Julien Chaumont | Owner: Simon | Charette Type: Bug | Status: assigned Component: Migrations | Version: 5.0 Severity: Normal | Resolution: Keywords: db_default, | Triage Stage: Accepted postgres | Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by Simon Charette):
* owner: (none) => Simon Charette * stage: Unreviewed => Accepted * status: new => assigned Comment: Managed to reproduce. The issue is in the same vein as #35336 and the long tail of problems related to improper escaping handling in the schema editor (#30408, #34553, #32369). The big design problem here is that the `Constraint.(constraint|create|delete)_sql` interface returns `sql: str` instead of `(sql: str, params: tuple)` to the schema editor which has no other choice not to use backend bindings (passing `(sql, None)` to `cursor.execute`) but it decides to do so when `requires_literal_defaults = False` (PostgresSQL, MySQL) for `DEFAULT`. In other words, unless we change `Constraint` and `Index` to return un-parametrized SQL we cannot use parametrized SQL when performing any operation that involve them. I think we should mark this one as a release blocker because `db_default` was added in 5.0 and the latter still receives patches for bugs in new features until 5.1 is released? I'll try to work on a non-invasive patch that can be backported and likely create another issue to discuss switching the whole DDL generation machinery to provide `(sql: str, params: tuple)` and let the schema editor decide how it wants to deal with parametrization (use it on Postgres + MySQL) and rely on `quote_value` otherwise through a single `supports_parametrized_ddl` feature flag. -- Ticket URL: <https://code.djangoproject.com/ticket/35625#comment:1> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/01070190dc10e78e-8c248fae-dff8-4bb2-acdc-b8eed33c2678-000000%40eu-central-1.amazonses.com.