summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2013-03-23 16:09:56 +0100
committerClaude Paroz <claude@2xlibre.net>2013-03-23 17:11:10 +0100
commit76aecfbc4b49f5ab0613cccff1df6fab03253fab (patch)
tree288a5c0e14ebe27d051b0ec01d16977f76b99838 /docs
parente7514e4978178ba68a872ac0004dd6f8049f3d76 (diff)
Fixed #9055 -- Standardized behaviour of parameter escaping in db cursors
Previously, depending on the database backend or the cursor type, you'd need to double the percent signs in the query before passing it to cursor.execute. Now cursor.execute consistently need percent doubling whenever params argument is not None (placeholder substitution will happen). Thanks Thomas Güttler for the report and Walter Doekes for his work on the patch.
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/db/sql.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/topics/db/sql.txt b/docs/topics/db/sql.txt
index b52e6e795f..34cfa382d3 100644
--- a/docs/topics/db/sql.txt
+++ b/docs/topics/db/sql.txt
@@ -227,6 +227,12 @@ For example::
were committed to the database. Since Django now defaults to database-level
autocommit, this isn't necessary any longer.
+Note that if you want to include literal percent signs in the query, you have to
+double them in the case you are passing parameters::
+
+ cursor.execute("SELECT foo FROM bar WHERE baz = '30%'")
+ cursor.execute("SELECT foo FROM bar WHERE baz = '30%%' and id = %s", [self.id])
+
If you are using :doc:`more than one database </topics/db/multi-db>`, you can
use ``django.db.connections`` to obtain the connection (and cursor) for a
specific database. ``django.db.connections`` is a dictionary-like