#34453 closed Bug (duplicate)

Parameterized raw queries no longer support lists

Reported by: Jonathan Tremesaygues Owned by: nobody
Component: Database layer (models, ORM) Version: 4.2
Severity: Normal Keywords: parameterized raw query
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hi,

We have some parameterized raw queries that use a list as parameter, like this:

from django.db import connection

with connection.cursor() as cursor:
    cursor.execute(
        "select * from auth_user where id in %s", 
        ((1, 2, 3),)
    )

With Django 4.1.7, the code works as expected. But since upgrade to 4.2, with have this error:

SyntaxError                               Traceback (most recent call last)
File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:89, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
     88 else:
---> 89     return self.cursor.execute(sql, params)

File ~/projects/webfit/venv/lib/python3.10/site-packages/psycopg/cursor.py:723, in Cursor.execute(self, query, params, prepare, binary)
    722 except e.Error as ex:
--> 723     raise ex.with_traceback(None)
    724 return self

SyntaxError: syntax error at or near "'(1,2,3)'"
LINE 1: select * from auth_user where pk in '(1,2,3)'
                                            ^

The above exception was the direct cause of the following exception:

ProgrammingError                          Traceback (most recent call last)
Cell In[6], line 2
      1 with connection.cursor() as cursor:
----> 2     cursor.execute("select * from auth_user where pk in %s", ((1, 2, 3),))
      3     print(cursor.fetchone())

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:102, in CursorDebugWrapper.execute(self, sql, params)
    100 def execute(self, sql, params=None):
    101     with self.debug_sql(sql, params, use_last_executed_query=True):
--> 102         return super().execute(sql, params)

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:67, in CursorWrapper.execute(self, sql, params)
     66 def execute(self, sql, params=None):
---> 67     return self._execute_with_wrappers(
     68         sql, params, many=False, executor=self._execute
     69     )

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:80, in CursorWrapper._execute_with_wrappers(self, sql, params, many, executor)
     78 for wrapper in reversed(self.db.execute_wrappers):
     79     executor = functools.partial(wrapper, executor)
---> 80 return executor(sql, params, many, context)

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:84, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
     82 def _execute(self, sql, params, *ignored_wrapper_args):
     83     self.db.validate_no_broken_transaction()
---> 84     with self.db.wrap_database_errors:
     85         if params is None:
     86             # params default might be backend specific.
     87             return self.cursor.execute(sql)

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/utils.py:91, in DatabaseErrorWrapper.__exit__(self, exc_type, exc_value, traceback)
     89 if dj_exc_type not in (DataError, IntegrityError):
     90     self.wrapper.errors_occurred = True
---> 91 raise dj_exc_value.with_traceback(traceback) from exc_value

File ~/projects/webfit/venv/lib/python3.10/site-packages/django/db/backends/utils.py:89, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
     87     return self.cursor.execute(sql)
     88 else:
---> 89     return self.cursor.execute(sql, params)

File ~/projects/webfit/venv/lib/python3.10/site-packages/psycopg/cursor.py:723, in Cursor.execute(self, query, params, prepare, binary)
    719         self._conn.wait(
    720             self._execute_gen(query, params, prepare=prepare, binary=binary)
    721         )
    722 except e.Error as ex:
--> 723     raise ex.with_traceback(None)
    724 return self

ProgrammingError: syntax error at or near "'(1,2,3)'"
LINE 1: select * from auth_user where pk in '(1,2,3)'

I didn’t see any mention to this change in the release note (https://docs.djangoproject.com/en/4.2/releases/4.2/).

Change History (1)

comment:1 by Mariusz Felisiak, 21 months ago

Resolution: duplicate
Status: newclosed

Duplicate of #34434.

Note: See TracTickets for help on using tickets.
Back to Top