[Django Code] #5651: Single quotes get escaped twice when creating admin log

Mon, 01 Oct 2007 08:06:21 -0700 

#5651: Single quotes get escaped twice when creating admin log
-----------------------+----------------------------------------------------
Reporter:  anonymous   |       Owner:  nobody          
  Status:  new         |   Component:  Database wrapper
 Version:  0.96        |    Keywords:                  
   Stage:  Unreviewed  |   Has_patch:  0               
-----------------------+----------------------------------------------------
 I'm using Django 0.96, Python 2.4.4, MySql 5.0.32 (all from Debian Etch).

 Some field descriptions in models.py contain apostropes, or single quotes
 ('). They are correctly escaped in the file and displayed perfectly in the
 admin.
 Later, though, when I save a new or modified record, and Django tries to
 add the admin log entry into the django_admin_log database, I get
 execution stopped with a MySql warning: "Incorrect string value". Digging
 a bit into the problem, I found that this is a query escaping problem.

 It happens in the BaseCursor.execute() method. It gets called with a
 '''query''' variable that's like
 {{{
 'INSERT INTO `table` (`field1`,`field2`) VALUES (%s,%s)'
 }}}
 and the '''args''' are
 {{{
 ['value1',"i'm another value"]
 }}}

 then come these two lines:
 {{{
 #!python
 query = query.encode(charset)
 query = query % db.literal(args)
 }}}

 And now the '''query''' looks like
 {{{
 "INSERT INTO `table` (`field1`,`field2`) VALUES ('value1','i\\'m another
 value')"
 }}}

 Of course MySql goes on until the escaped backslash, then there's a single
 quote and the value string ends... what is '''m another value' '''?

 So... something escapes that single quote twice instead of once.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/5651>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to