[1.3.X] Fixed #13648 - '%s' escaping support for sqlite3 regression.

Thanks to master for the report and initial patch, and salgado and others for work on the patch. Backport of [16209] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16210 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-05 02:09:13 +00:00 · 2011-05-10 12:28:29 +00:00 · 2011-05-10 12:28:29 +00:00 · 5c08cda611
commit 5c08cda611
parent 7fd113e618
2 changed files with 15 additions and 1 deletions
--- a/django/db/backends/sqlite3/base.py
+++ b/django/db/backends/sqlite3/base.py
@ -220,7 +220,7 @@ class DatabaseWrapper(BaseDatabaseWrapper):
        if self.settings_dict['NAME'] != ":memory:":
            BaseDatabaseWrapper.close(self)

-FORMAT_QMARK_REGEX = re.compile(r'(?![^%])%s')
+FORMAT_QMARK_REGEX = re.compile(r'(?<!%)%s')

 class SQLiteCursorWrapper(Database.Cursor):
    """
--- a/tests/regressiontests/backends/tests.py
+++ b/tests/regressiontests/backends/tests.py
@ -194,6 +194,20 @@ class ConnectionCreatedSignalTest(TestCase):
        self.assertTrue(data == {})


+class EscapingChecks(TestCase):
+
+    @unittest.skipUnless(connection.vendor == 'sqlite',
+                         "This is a sqlite-specific issue")
+    def test_parameter_escaping(self):
+        #13648: '%s' escaping support for sqlite3
+        cursor = connection.cursor()
+        response = cursor.execute(
+            "select strftime('%%s', date('now'))").fetchall()[0][0]
+        self.assertNotEqual(response, None)
+        # response should be an non-zero integer
+        self.assertTrue(int(response))
+
+
 class BackendTestCase(TestCase):
    def test_cursor_executemany(self):
        #4896: Test cursor.executemany