On Wed, May 13, 2009 at 5:53 AM, Daniel Roseman < roseman.dan...@googlemail.com> wrote:
> > On May 13, 2:25 am, Thierry <lamthie...@gmail.com> wrote: > > My table has the following entry: > > > > id name > > 1 foo's > > > > I'm currently trying the following: > > > > value = "foo's" > > > > MyModel.objects.get(name = value) > > > > The above is raising the exception DoesNotExist. Doesn't the get > > function automatically escape the single quote? Is there also a way > > to output the generated SQL of the above method? > > No, there's no 'escaping' for database lookups. Are you sure the > element actually exists in the DB? > I'm confused by your answer because your first sentence here seems to conflict with the second. The single quote in the name will be automatically escaped, if necessary. Whether it's necessary I believe will depend on how the database backend does quoting. I'm most familiar with MySQL, where the "foo's" value will be quoted using single quotes, so the embedded single quote will need to be escaped, and that will be done automatically. > > You can see the code (as long as DEBUG=True) by doing: > from django.db import connection > connection.queries True, but note that what is logged in connection.queries is the SQL before being handed to the backend for quoting. So for a question like this one, what's logged in connection.queries may give the wrong answer. For example, this shell session gives the impression that the foo's value is not quoted: >>> from ttt.models import FCollection >>> from django.db import connection >>> value = "foo's" >>> FCollection.objects.get(name=value) <FCollection: foo's> >>> connection.queries[-1] {'time': '0.001', 'sql': u"SELECT `ttt_fcollection`.`id`, `ttt_fcollection`.`name` FROM `ttt_fcollection` WHERE `ttt_fcollection`.`name` = foo's "} >>> quit() However, if you have logging turned on for MySQL and look at its log, you can see that in fact the value foo's was enclosed in single quotes and the embedded single quote correctly escaped when the query was actually sent to the database: 176 Query SELECT `ttt_fcollection`.`id`, `ttt_fcollection`.`name` FROM `ttt_fcollection` WHERE `ttt_fcollection`.`name` = 'foo\'s' connection.queries is usually sufficient, but the database log is the most accurate way I know of to see exactly what SQL was sent to the database. Karen --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---