Re: [Django] #31589: Raw queries do not work if any DB content column has the % symbol. (was: Raw queries do not work if any DB content column has the % symbol)

2020-05-14 Thread Django
#31589: Raw queries do not work if any DB content column has the % symbol.
-------------------------------------+-------------------------------------
     Reporter:  jotauses             |                    Owner:  nobody
         Type:  Bug                  |                   Status:  closed
    Component:  Database layer       |                  Version:  3.0
                (models, ORM)        |
     Severity:  Normal               |               Resolution:  invalid
     Keywords:  raw query            |             Triage Stage:  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by felixxm):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 My understanding is that you passed `titulo_infocor = "This is a test
 80%"`, this is not supported and moreover you’re at risk for SQL
 injection. Please check
 [https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw Passing parameters into raw()] or use one of
 [https://code.djangoproject.com/wiki/TicketClosingReasons/UseSupportChannels
 support channels] if you have further questions.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/066.de4f776d2fe457eef4afa228034c0533%40djangoproject.com.


[Django] #31589: Raw queries do not work if any DB content column has the % symbol

2020-05-14 Thread Django
#31589: Raw queries do not work if any DB content column has the % symbol
-------------------------------------+-------------------------------------
               Reporter:  jotauses   |          Owner:  nobody
                   Type:  Bug        |         Status:  new
              Component:  Database   |        Version:  3.0
                layer (models, ORM)  |
               Severity:  Normal     |       Keywords:  raw query
           Triage Stage:  Unreviewed |      Has patch:  0
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 **Only fails if any DB content column has the % symbol**.

 {{{
 query_postgresql = """SELECT *, similarity(titulo, '{0}') AS similarity
 FROM pdc_pdc  ORDER BY similarity DESC;"""

 pdc = Pdc.objects.raw(query_postgresql.format(titulo_infocor))
 }}}

 Column "titulo" content = "This is a test 80%".


 Traceback:

 {{{
   File "C:\Users\-\AppData\Local\Programs\Python\Python38-32\lib\site-packages\django\db\backends\utils.py", line 86, in _execute
     return self.cursor.execute(sql, params)
 IndexError: tuple index out of range
 }}}

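
The failure in the report and the parameter passing the closing comment points to, as an added example that is not code from the ticket or from Django. Assumptions: `run_pyformat` is a hypothetical, simplified model of a driver with `%s` placeholders, and SQLite with a difflib-based `similarity()` stands in for PostgreSQL; in Django the safe form is `Pdc.objects.raw(sql, [titulo_infocor])` with `%s` in the SQL text.

```python
import difflib
import re
import sqlite3

# Constructed data; table/column names follow the ticket. SQLite and the
# difflib-based similarity() are stand-ins for PostgreSQL (assumption).
conn = sqlite3.connect(":memory:")
conn.create_function(
    "similarity", 2, lambda a, b: difflib.SequenceMatcher(None, a, b).ratio())
conn.execute("CREATE TABLE pdc_pdc (id INTEGER PRIMARY KEY, titulo TEXT)")
conn.executemany("INSERT INTO pdc_pdc (titulo) VALUES (?)",
                 [("This is a test 80%",), ("Unrelated title",)])

UNSAFE_SQL = ("SELECT titulo, similarity(titulo, '{0}') AS similarity "
              "FROM pdc_pdc ORDER BY similarity DESC")
SAFE_SQL = ("SELECT titulo, similarity(titulo, %s) AS similarity "
            "FROM pdc_pdc ORDER BY similarity DESC")


def run_pyformat(sql, params=()):
    """Hypothetical, simplified model of a driver with '%s' placeholders.

    '%%' is a literal percent; any other '%' in the SQL text starts a
    placeholder and consumes one parameter.
    """
    params = tuple(params)
    bound = []

    def swap(match):
        if match.group(0) == "%%":
            return "%"
        bound.append(params[len(bound)])  # IndexError if none is left
        return "?"

    return conn.execute(re.sub(r"%%|%s?", swap, sql), bound).fetchall()


def search_unsafe(title):
    # Pattern from the report: the value becomes part of the SQL text, so
    # its '%' is parsed as placeholder syntax and its quotes as SQL.
    return run_pyformat(UNSAFE_SQL.format(title))


def search_safe(title):
    # The value travels separately from the SQL text and is never parsed.
    return run_pyformat(SAFE_SQL, [title])
```
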