Changes between Initial Version and Version 1 of Ticket #35093
- Timestamp:
- Jan 7, 2024, 1:34:11 PM (9 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #35093
- Property Resolution → wontfix
- Property Status new → closed
- Property Summary Handling Special Characters in ORM Annotate Aliases → Allow SQL injection characters in QuerySet.annotate() aliases
-
Ticket #35093 – Description
initial v1 1 1 Encountered a limitation in Django ORM when using annotations with column aliases containing special characters like apostrophes or spaces. For example: 2 2 3 Model.objects.annotate(**{"VALUE_WITH_APOSTROPHE'-2": Count('attribute_name')}) 3 `Model.objects.annotate(**{"VALUE_WITH_APOSTROPHE'-2": Count('attribute_name')})` 4 4 5 This generates a ValueError: Column aliases cannot contain whitespace characters.While SQL syntax allows such aliases, Django ORM does not, leading to a lack of flexibility and unexpected errors in ORM interactions.5 This generates a `ValueError: Column aliases cannot contain whitespace characters, quotation marks, semicolons, or SQL comments.` While SQL syntax allows such aliases, Django ORM does not, leading to a lack of flexibility and unexpected errors in ORM interactions. 6 6 7 7 Impact: … … 16 16 17 17 Interested in community and maintainers' perspectives on potential solutions to provide ORM-level flexibility for end-user applications. Looking forward to contributing to the discussion and development of this feature. 18