#16407: Unicode not working for direct SQL INSERT
------------------------+----------------------------------------------
 Reporter:  mashedmeat  |          Owner:  nobody
     Type:  Bug         |         Status:  new
Milestone:              |      Component:  Database layer (models, ORM)
  Version:  1.3         |       Severity:  Normal
 Keywords:              |   Triage Stage:  Unreviewed
Has patch:  0           |  Easy pickings:  0
    UI/UX:  0           |
------------------------+----------------------------------------------
 I've only tried this bug using "INSERT INTO" and "INSERT OR REPLACE INTO".
 The problem is that I can't use params. Here's what I was trying:

 {{{
 word = "pickle"
 translation = googleTranslate('english', 'chinese', word)  # from, to, word-to-be-translated
 cursor.execute("INSERT INTO %s VALUES (%s, %s)", [table, word,
 translation]) # table won't insert here...
 }}}

 In order to bypass this, I had to insert it using a string, which was
 explicitly stated to be a security problem in the documentation:

 {{{
 insert_sql = "INSERT INTO %s VALUES" % (table_name)
 insert_sql = insert_sql + " (%s, %s)"
 cursor.execute(insert_sql, [title, translation])
 }}}

 (The code is a little different, because it's my actual code. I wrote the
 last code bit to try to better illustrate what's going on.)

 Best,
 Loren

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16407>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
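
Added example (not part of the ticket and not Django's own code): placeholders bind values only, so a table name has to go into the SQL text, and the safe way to do that is to check it against a fixed allowlist and quote it while the values stay bound. It uses the standard-library sqlite3 module so it runs without a Django project; ALLOWED_TABLES, quote_identifier, insert_translation and demo are hypothetical names.

```python
import sqlite3

# Hypothetical allowlist: the only tables this code is permitted to write to.
ALLOWED_TABLES = {"en_zh", "en_fr"}


def quote_identifier(name):
    """Quote an SQL identifier for SQLite: wrap in double quotes, double any inside."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def insert_translation(conn, table, word, translation):
    """Insert one row: the table name is validated and quoted, the values are bound."""
    # A placeholder can never stand for an identifier, so the table name is
    # formatted into the statement, but only after the allowlist check.
    if table not in ALLOWED_TABLES:
        raise ValueError("table not allowed: %r" % (table,))
    sql = "INSERT OR REPLACE INTO %s VALUES (?, ?)" % quote_identifier(table)
    # sqlite3 uses ? placeholders; Django's cursor.execute() uses %s instead.
    conn.execute(sql, [word, translation])
    return sql


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "en_zh" (word TEXT PRIMARY KEY, translation TEXT)')
    # Constructed sample data: a Unicode value and a value full of SQL punctuation.
    insert_translation(conn, "en_zh", "pickle", "泡菜")
    insert_translation(conn, "en_zh", "it's \"quoted\"; 100%", "n/a")
    rows = conn.execute('SELECT word, translation FROM "en_zh" ORDER BY word').fetchall()
    try:
        # A caller-supplied name outside the allowlist never reaches the SQL text.
        insert_translation(conn, "auth_user", "a", "b")
        rejected = False
    except ValueError:
        rejected = True
    return rows, rejected


if __name__ == "__main__":
    print(demo())
```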
