Ticket #1143 (closed defect: duplicate)

Opened 3 years ago

Last modified 3 years ago

Default value is not properly escaped in sqlite3 backend.

Reported by: ryusungho@… Owned by: andrew
Priority: major Milestone:
Component: databaseapi Version: 0.7.5
Keywords: Cc:


In south.db.sqlite3.DatabaseOperations:79, column_info['dflt_value'] is not properly escaped.

if column_info['dflt_value'] is not None:
    type += " DEFAULT " + column_info['dflt_value']

I think the value should be escaped properly, depending on the type of column_info['dflt_value']:

if column_info['dflt_value'] is not None:
    if isinstance(column_info['dflt_value'], (str, unicode)):
        type += " DEFAULT '%s'" % sqlite3_specific_str_escape(column_info['dflt_value'])
    else : # more type checks if necessary
        type += " DEFAULT " + str(column_info['dflt_value'])

I was able to reproduce this error when migrating django-celery===3.0.1, where default values of some columns were int.

Change History

comment:1 Changed 3 years ago by andrew

  • Status changed from new to closed
  • Resolution set to duplicate

Duplicate of #1116.

Note: See TracTickets for help on using tickets.