Comments (4)
Repro steps: in a virtualenv for this project, run python manage.py shell and then paste the following simple query:
from django.db.models import F, Min
from testapp import models
models.Number.objects.values('integer').annotate(myannotation=Min(F('integer') % 3))
which fails with the following traceback:
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "site-packages/django/db/models/query.py", line 374, in __repr__
    data = list(self[: REPR_OUTPUT_SIZE + 1])
  File "site-packages/django/db/models/query.py", line 398, in __iter__
    self._fetch_all()
  File "site-packages/django/db/models/query.py", line 1881, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
  File "site-packages/django/db/models/query.py", line 208, in __iter__
    for row in compiler.results_iter(
  File "site-packages/django/db/models/sql/compiler.py", line 1513, in results_iter
    results = self.execute_sql(
  File "site-packages/django/db/models/sql/compiler.py", line 1562, in execute_sql
    cursor.execute(sql, params)
  File "site-packages/django/db/backends/utils.py", line 102, in execute
    return super().execute(sql, params)
  File "site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
  File "site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "mssql-django/mssql/base.py", line 671, in execute
    sql = self.format_sql(sql, params)
  File "mssql-django/mssql/base.py", line 616, in format_sql
    sql = sql % tuple('?' * len(params))
TypeError: not enough arguments for format string
At the point of failure the variable sql contains the following, so there are 2 % signs (one meaning "MOD") despite there being only 1 param, so the Python string formatting fails:
'DECLARE @var0 INT = %s
SELECT TOP 21 [testapp_number].[the_integer], MIN(([testapp_number].[the_integer] % @var0)) AS [myannotation] FROM [testapp_number] GROUP BY [testapp_number].[the_integer]'
This is somewhat contrived, but we hit this bug in real code and it is blocking us from upgrading to mssql-django==1.4.2. In the meantime we have had to manually patch in the fix for GHSA-vmqv-47j8-gwv8 (CVE-2024-26164) on top of 1.3.
from mssql-django.
Thanks for your responses.
It appears the bug stems from performing an additional string formatting operation using %. Doing so removes the extra % used for escaping the modulo operator.
Example:
'%% %s' -> '% (value)' after the first string format.
'% (value)' -> Error after the second string format. Here Python expects to insert a parameter but it can't find one.
from mssql-django.
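The two comments above (the failing DECLARE statement in the report and the '%% %s' explanation) describe the same defect, so here is one worked model of it. This is an added example, not mssql-django's own code: split_declares_buggy() and split_declares_fixed() are hypothetical stand-ins for the backend's DECLARE-hoisting pass, DJANGO_SQL is a constructed approximation of what Django compiles for the reported query, and format_sql() follows the one line of CursorWrapper.format_sql quoted in the traceback. The invariant being demonstrated: Django emits "%s" for each parameter and "%%" for a literal percent sign (here the T-SQL modulo operator), and a backend may apply printf-style "%" formatting to that text exactly once; every intermediate rewrite must hand on a string that is still a valid template. count_placeholders() is a pre-flight check a backend can run before the final pass to catch a consumed escape instead of letting it surface as a TypeError from cursor.execute().

```python
# Added example for this thread (not mssql-django's code). Models the
# double-%-formatting bug: the first pass turns "%%" into "%", so the
# second pass sees a bare "%" and fails exactly as in the traceback above.

# Constructed input: roughly what Django compiles for the reported query,
# before any backend rewriting (one parameter, one escaped modulo sign).
DJANGO_SQL = (
    "SELECT MIN(([testapp_number].[the_integer] %% %s)) AS [myannotation] "
    "FROM [testapp_number] GROUP BY [testapp_number].[the_integer]"
)
PARAMS = (3,)


def format_sql(sql, params):
    """Final pass, as in the CursorWrapper.format_sql line quoted in the
    traceback: every %s becomes the ODBC positional marker '?'."""
    return sql % tuple('?' * len(params))


def split_declares_buggy(sql, params):
    """Hypothetical earlier pass that hoists each parameter into a declared
    T-SQL variable by %-formatting the statement.  This consumes the '%%'
    escape and leaves a bare '%' for format_sql() to choke on."""
    names = ["@var%d" % i for i in range(len(params))]
    declares = "".join("DECLARE %s INT = %%s\n" % n for n in names)
    body = sql % tuple(names)          # '%% %s' -> '% @var0'  (the bug)
    return declares + body


def split_declares_fixed(sql, params):
    """Same rewrite, but every literal '%' left in the body is re-escaped so
    the result is once again a valid template for exactly one more pass."""
    names = ["@var%d" % i for i in range(len(params))]
    declares = "".join("DECLARE %s INT = %%s\n" % n for n in names)
    body = (sql % tuple(names)).replace('%', '%%')   # no %s remain in body
    return declares + body


def count_placeholders(template):
    """Pre-flight check: counts '%s' placeholders, skips '%%' literals and
    raises on any other '%' sequence, which is the shape of the bug above."""
    count, i = 0, 0
    while i < len(template):
        if template[i] != '%':
            i += 1
            continue
        nxt = template[i + 1] if i + 1 < len(template) else ''
        if nxt == '%':
            i += 2                      # escaped literal percent sign
        elif nxt == 's':
            count += 1
            i += 2
        else:
            raise ValueError("bad '%%' sequence at offset %d: %r"
                             % (i, template[i:i + 8]))
    return count


def template_is_valid(template, params):
    """True when the template has exactly one '%s' per parameter and no
    stray '%' that would break the final formatting pass."""
    try:
        return count_placeholders(template) == len(params)
    except ValueError:
        return False


def run_buggy():
    """Returns the error message the double-formatting pipeline produces."""
    try:
        format_sql(split_declares_buggy(DJANGO_SQL, PARAMS), PARAMS)
    except TypeError as exc:
        return str(exc)
    return None


def run_fixed():
    """Returns the final statement from the re-escaping pipeline."""
    template = split_declares_fixed(DJANGO_SQL, PARAMS)
    if not template_is_valid(template, PARAMS):
        raise RuntimeError("template/param mismatch before format_sql")
    return format_sql(template, PARAMS)


if __name__ == "__main__":
    print("buggy:", run_buggy())
    print("fixed:", run_fixed())
```

Run it and the buggy path reproduces the report's message ("not enough arguments for format string") because the lone "%s" in the DECLARE line has already consumed the one parameter by the time Python reaches "% @var0"; the fixed path yields "DECLARE @var0 INT = ?" followed by the body with a single literal "%". The re-escape is one possible fix, chosen here for illustration; the general rule is that any pass that %-formats Django's compiled SQL must either be the last pass or re-escape every remaining "%" before handing the string on.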
Hi @henrikek,
This makes sense to me, but you could also provide us with a test case to expedite our investigation process. Thank you.
from mssql-django.
I have tried to reproduce this with a normal Django query but I have not succeeded. I saw this problem before in combination with Django REST framework and SearchFilter, but I'm sorry, I haven't been able to reproduce it, so maybe it's not a problem. But at the same time, I know that if you format a string in two passes, as the new code does, problems with the percent sign can cause it.
from mssql-django.