#19883: Inconsistent parameter substitution in cursor wrappers
----------------------------------------------+--------------------
Reporter: xi@… | Owner: nobody
Type: Bug | Status: new
Component: Database layer (models, ORM) | Version: 1.4
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------------------+--------------------
The following script produces different results with different values of
`DEBUG` setting and the database backend:
{{{
from django.db import connections
from django.db.utils import DEFAULT_DB_ALIAS
connection = connections[DEFAULT_DB_ALIAS]
cursor = connection.cursor()
cursor.execute("SELECT 'test' LIKE '%st'")
print cursor.fetchone()
}}}
Correct output with `DEBUG=False` and `ENGINE=postgresql_psycopg2`:
{{{
(True,)
}}}
Correct output with `DEBUG=False` and `ENGINE=mysql`:
{{{
(1L,)
}}}
Incorrect output with `DEBUG=False` and `ENGINE=sqlite3`:
{{{
(0,)
}}}
Traceback with `DEBUG=True` and `ENGINE=postgresql_psycopg2`:
{{{
Traceback (most recent call last):
File "bug.py", line 9, in <module>
cursor.execute("SELECT 'test' LIKE '%st'")
File "/home/xi/lib/python2.7/site-packages/django/db/backends/util.py",
line 40, in execute
return self.cursor.execute(sql, params)
File "/home/xi/lib/python2.7/site-
packages/django/db/backends/postgresql_psycopg2/base.py", line 52, in
execute
return self.cursor.execute(query, args)
IndexError: tuple index out of range
}}}
Traceback with `DEBUG=True` and `ENGINE=mysql`:
{{{
Traceback (most recent call last):
File "bug.py", line 9, in <module>
cursor.execute("SELECT 'test' LIKE '%st'")
File "/home/xi/lib/python2.7/site-packages/django/db/backends/util.py",
line 40, in execute
return self.cursor.execute(sql, params)
File "/home/xi/lib/python2.7/site-
packages/django/db/backends/mysql/base.py", line 114, in execute
return self.cursor.execute(query, args)
File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 159, in
execute
query = query % db.literal(args)
TypeError: not enough arguments for format string
}}}
Traceback with `DEBUG=True` and `ENGINE=sqlite3`:
{{{
Traceback (most recent call last):
File "bug.py", line 9, in <module>
cursor.execute("SELECT 'test' LIKE '%st'")
File "/home/xi/lib/python2.7/site-packages/django/db/backends/util.py",
line 44, in execute
sql = self.db.ops.last_executed_query(self.cursor, sql, params)
File "/home/xi/lib/python2.7/site-
packages/django/db/backends/__init__.py", line 614, in last_executed_query
return smart_unicode(sql) % u_params
TypeError: not enough arguments for format string
}}}
Python DB API does not specify when to perform parameter substitution, but
it appears all database drivers that use pyformat parameter style follow
the same rules:
1. If `cursor.execute(sql)` is called with one parameter, no parameter
substitution is performed.
2. If `cursor.execute(sql, params)` is called with two parameters,
placeholder symbols are replaced with escaped parameter values.
I'd expect Django cursor wrappers to respect these rules, or at least be
consistent. Currently, `django.db.backends.CursorDebugWrapper` and
`django.db.backends.sqlite3.SQLiteCursorWrapper` violate these
conventions.
--
Ticket URL: <https://code.djangoproject.com/ticket/19883>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
