On Thu, Jun 01, 2017 at 02:29:17AM -0700, Roshan Raghupathy wrote:
> Hi,
> I came across an issue yesterday. Post on stackoverflow
> <https://stackoverflow.com/questions/44287443/incorrect-escaping-in-django-sql-query>
>
> On further investigation today, I think I found the source of the issue.
> It's this line
> <https://github.com/django/django/blob/master/django/db/models/functions/datetime.py#L149>.
>
> The parameters which are escaped here are never reverted back to the
> original form.
> I tested a dirty fix by converting all '%%s' to '%s' and the query worked.
> Should I submit a bug? Has it been submitted already?

Hi Roshan,

I just took a quick look, and it seems you are right – in all of the official backend implementations, the *_trunc_sql only use the second argument in the right-hand side of string formatting, so this double-percent escaping appears to be wrong there.

I did a quick search through the issue tracker, and didn't find anything about this issue. Would you mind submitting a new bug report? It would be best if you could include a complete minimal example that we could easily run to reproduce the problem.

Thanks,

Michal
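
The escaping problem discussed in this thread, as an added illustration that is not part of the original messages and is not Django's code. `trunc_sql`, `build`, `live_placeholders`, `binds_cleanly` and the sample SQL are hypothetical names and constructed data, and a format-style (`%s`) database driver is assumed.

```python
import re

# Constructed sample: SQL already compiled for the inner expression, with one
# bound parameter, as a query compiler would hand it over.
SAMPLE_SQL = 'COALESCE("event"."created", %s)'
SAMPLE_PARAMS = ["2017-01-01"]


def trunc_sql(lookup_type, field_name):
    """Hypothetical backend helper: field_name is only an argument on the
    right-hand side of the formatting, never the format string itself."""
    return "DATE_TRUNC('%s', %s)" % (lookup_type, field_name)


def build(inner_sql, inner_params, escape):
    """Wrap inner_sql in a truncation; escape=True models the '%%s' step."""
    if escape:
        inner_sql = inner_sql.replace("%s", "%%s")
    return trunc_sql("day", inner_sql), list(inner_params)


def live_placeholders(sql):
    """Count parameter slots as a format-style driver reads them:
    '%%' is a literal percent sign, a remaining '%s' takes one parameter."""
    return sum(1 for tok in re.findall(r"%%|%s", sql) if tok == "%s")


def binds_cleanly(sql, params):
    """True when every bound parameter has exactly one slot in the SQL."""
    return live_placeholders(sql) == len(params)


if __name__ == "__main__":
    for escape in (True, False):
        sql, params = build(SAMPLE_SQL, SAMPLE_PARAMS, escape)
        print(escape, sql, params, binds_cleanly(sql, params))
```

With the escape step the `%%s` survives into the final SQL because it was never used as a format string, so the driver sees no slot for the bound value; without it the value stays a bound parameter with exactly one slot.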

