When converting to 'format' type, existing '%' characters are not escaped #10

Closed
kesmit13 opened this issue Mar 16, 2022 · 5 comments

@kesmit13

I ran into an issue when using a modulo operator (%) in a query which originally used named parameters (:foo) but had to be converted to format parameters (%s). The modulo operator is not escaped, which caused the MySQLdb library to fail when inserting parameter substitutions. Here is an example.

>>> query = sqlparams.SQLParams('named', 'format')
>>> query.format('select x % :value from tbl', dict(value=10))
('select x % %s from tbl', [10])

I expected the query string to be:

select x %% %s from tbl
@cpburnz
Owner

cpburnz commented Mar 24, 2022

@kesmit13 Thanks for the report. What you expected is how the library should generate the query string. The psycopg2 library behaves similarly: the modulo operator (%) needs to be escaped. I'll look into fixing this.

@kesmit13
Author

I see a similar issue, but in reverse for numeric parameters. In this case, I'm going from numeric to pyformat and the :: is not getting un-escaped.

cur.execute('select `id`, `time` from alltypes where `id` = :1 and `time` = "00::07::00"', [0])

The above results in the following query.

select `id`, `time` from alltypes where `id` = %(_1)s and `time` = "00::07::00" {'_1': 0}

Note that the :: in the time field is still there, but it should result in 00:07:00.

@kesmit13
Author

Maybe the above issue isn't an issue after all. I think I may need escape_char=True when I create the formatter.

@cpburnz
Owner

cpburnz commented Mar 30, 2022

@kesmit13 The escape_char=True argument should solve your issue.

@cpburnz cpburnz closed this as completed in 5b16099 Jun 7, 2022
@cpburnz
Owner

cpburnz commented Jun 11, 2022

@kesmit13 % characters are now escaped when converting format/pyformat. This feature is in the new release 4.0.0.
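
The escaping discussed in this thread, as an added example that is not part of the original issue and is not sqlparams' own code: a small named-to-format converter that doubles literal `%` characters so the bound values, not the query text, fill the `%s` slots. The names `named_to_format`, `unescape_colons`, `simulate_driver` and `unescaped_fails` are hypothetical, and the driver's substitution step is assumed to behave like Python's `%` operator.

```python
import re

# One pass over the SQL: an escaped colon "::", a named parameter ":name",
# or a literal percent sign. String literals and comments are not parsed.
_TOKEN = re.compile(r"(?P<esc>::)|:(?P<name>[A-Za-z_]\w*)|(?P<pct>%)")


def named_to_format(sql, params, unescape_colons=False):
    """Convert ':name' placeholders to '%s' and escape literal '%' as '%%'.

    Hypothetical helper for illustration, not sqlparams' implementation.
    Returns (converted_sql, ordered_values).
    """
    ordered = []

    def repl(match):
        if match.group("esc"):
            # '::' is never a parameter; collapse it only when asked to.
            return ":" if unescape_colons else "::"
        if match.group("pct"):
            # A literal percent must survive the driver's interpolation.
            return "%%"
        ordered.append(params[match.group("name")])  # KeyError if missing
        return "%s"

    return _TOKEN.sub(repl, sql), ordered


def simulate_driver(sql, args):
    """Stand-in for a format-style driver's substitution step.

    Assumption: the driver applies Python's % operator to the query text.
    repr() is used only to render sample values; it is not SQL quoting.
    """
    return sql % tuple(repr(a) for a in args)


def unescaped_fails(sql, args):
    """Return True when interpolation breaks on an unescaped '%'."""
    try:
        simulate_driver(sql, args)
    except (TypeError, ValueError):
        return True
    return False
```
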
