Bug 331021 - MySQLdb Connection.escape() broken
MySQLdb Connection.escape() broken
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: MySQL-python (Show other bugs)
8
All Linux
low Severity medium
: ---
: ---
Assigned To: Tom Lane
Fedora Extras Quality Assurance
http://sourceforge.net/tracker/index....
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-13 18:35 EDT by Kyle VanderBeek
Modified: 2013-07-02 23:15 EDT (History)
2 users (show)

See Also:
Fixed In Version: 1.2.2-7.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-20 15:12:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kyle VanderBeek 2007-10-13 18:35:14 EDT
Description of problem:
Connection object has broken escape() method in 1.2.2.  Due to a bug the
upstream author caused when adding additional type encoding support, the default
encoders for such mundane objects as strings and integers is broken.

This problem did not exist in versions prior to 1.2.2.  It was introduced when
upstream fix SF.net bug 1567804:

http://mysql-python.svn.sourceforge.net/viewvc/mysql-python/branches/MySQLdb-1.2/MySQLdb/MySQLdb/connections.py?r1=450&r2=466

A patch is available upstream in the SourceForge bug (1774101).

Version-Release number of selected component (if applicable):
MySQL-python-1.2.2-3.fc7

How reproducible:
Always.

Steps to Reproduce:
>>> import MySQLdb
>>> conn = MySQLdb.connect(user='xxx', passwd='yyy', db='foo')
>>> print conn.escape("you're")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
TypeError: no default type converter defined
  
Actual results:
TypeError thrown.

Expected results:
>>> print conn.escape("you're")
'you\'re'

Should return a safely encoded string suitable for using in run-time
construction of SQL via string concatenation.

Additional info:
This isn't used very often, but it is necessary for avoiding security problems
in certain situations.  When using specialize MySQL syntax such as multiple
tuple inserts or ON DUPLICATE KEY extensions a programmer may need to manually
escape values while building an SQL string.  This escape() function is the best
way to do it.
Comment 1 Bug Zapper 2008-05-14 10:44:29 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Tom Lane 2008-06-19 22:58:09 EDT
My apologies for not having done something with this sooner.  I was waiting around for adustman to put 
out 1.2.3 or at least accept the patch into his sources, but it's becoming clear that he's wedged somehow.  
I'm pushing your patch into F-8 and F-9.
Comment 3 Fedora Update System 2008-06-19 23:01:09 EDT
MySQL-python-1.2.2-7.fc9 has been submitted as an update for Fedora 9
Comment 4 Fedora Update System 2008-06-19 23:02:39 EDT
MySQL-python-1.2.2-7.fc8 has been submitted as an update for Fedora 8
Comment 5 Fedora Update System 2008-06-20 15:12:47 EDT
MySQL-python-1.2.2-7.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2008-06-20 15:13:16 EDT
MySQL-python-1.2.2-7.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.