Hi,

I came across an issue yesterday caused by the TruncDay function. You can find 
it here: 
https://stackoverflow.com/questions/44287443/incorrect-escaping-in-django-sql-query

Copy pasting from there:

Here's the query I'm trying to run:

MyModel.objects.filter(created__lt=functions.TruncDay(Value(timezone.now(), 
output_field=DateTimeField())))

It translates to:

SELECT <field-list> FROM "mymodel" WHERE "mymodel"."created" < 
(DATE_TRUNC('day', %%s AT TIME ZONE %s))

before Django performs parameter substitution. Note that the first %s has 
been escaped to %%s. This causes the parameter substitution to throw an 
exception.

Is this intended behaviour or a bug?


I dug into the internals a bit to figure this out and the issue comes from this 
line 
<https://github.com/django/django/blob/master/django/db/models/functions/datetime.py#L149>
where the query till that point is escaped but later, they are never escaped 
back to the original form for correct parameter substitution. I went ahead and 
added code to replace `%%s` with `%s` before parameter substitution and it 
worked fine. Am I missing something here, or should I file a bug (has it been 
filed already?)?
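
The failure described in this message, reproduced as an added example (not part of the original post and not Django's code): `trunc_day_sql` is a hypothetical model of how the SQL could be composed, and the parameter values are constructed. It shows that a fragment escaped to `%%s` and then passed as a %-format argument is never collapsed back, which leaves one placeholder for two parameters.

```python
import re

# "%%" is an escaped literal percent sign; "%s" is a real placeholder.
_TOKEN = re.compile(r"%%|%s")


def count_placeholders(sql):
    """Count the %s placeholders that %-style substitution would consume."""
    return sum(1 for tok in _TOKEN.findall(sql) if tok == "%s")


def trunc_day_sql(inner_sql, escape_inner):
    """Hypothetical model of the composition (an assumption, not Django's code).

    The inner fragment is inserted as a %-format *argument*, so any "%%s" it
    carries is copied verbatim instead of being collapsed back to "%s".
    """
    if escape_inner:
        inner_sql = inner_sql.replace("%s", "%%s")
    with_tz = "%s AT TIME ZONE %%s" % inner_sql
    return "(DATE_TRUNC('%s', %s))" % ("day", with_tz)


def substitute(sql, params):
    """Apply `sql % params` the way a format-style layer would.

    Values are rendered with repr() for display only; a real driver binds them.
    """
    try:
        return sql % tuple(repr(p) for p in params)
    except TypeError as exc:
        return "TypeError: %s" % exc


# Constructed sample parameters: the datetime value and the time zone name.
PARAMS = ["2017-05-31 10:00:00", "UTC"]

BROKEN = trunc_day_sql("%s", escape_inner=True)   # the SQL quoted in the message
INTACT = trunc_day_sql("%s", escape_inner=False)  # placeholder left untouched

if __name__ == "__main__":
    for label, sql in (("escaped", BROKEN), ("unescaped", INTACT)):
        print(label, "->", sql)
        print("  placeholders:", count_placeholders(sql), "params:", len(PARAMS))
        print("  result:", substitute(sql, PARAMS))
```

Comparing `count_placeholders(sql)` with `len(params)` before execution is a cheap check for this class of mismatch in composed SQL.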
