Description:
mysql-connector-python as of 9.3.0 cannot correctly persist a binary value that contains double percent signs in it. persisting the string b'binary data with %%s in it' into a BLOB column will show at the MySQL monitor:
MySQL [test]> select * from binary_table;
+---------------------------+
| data |
+---------------------------+
| binary data with %s in it |
+---------------------------+
1 row in set (0.002 sec)
whereas with 9.2.0 the two percent signs are maintained:
MySQL [test]> select * from binary_table;
+----------------------------+
| data |
+----------------------------+
| binary data with %%s in it |
+----------------------------+
1 row in set (0.002 sec)
a full Python script is provided below.
It would appear that some kind of string escaping is being applied to the binary parameter itself which is inappropriate. this is a major blocking issue for all users of mysql-connector-python which IMO warrants immediate release.
How to repeat:
from mysql import connector
stream1 = b"binary data with %%s in it"
connection = connector.connect(
user="scott", password="tiger", host="mysql80", database="test"
)
cursor = connection.cursor()
cursor.execute("DROP TABLE IF EXISTS binary_table")
cursor.execute(
"""CREATE TABLE binary_table (
data BLOB
)"""
)
cursor.execute(
"""INSERT INTO binary_table (data) VALUES (%(data)s)""",
{"data": stream1},
)
connection.commit()
cursor.execute("""SELECT binary_table.data FROM binary_table""")
result = cursor.fetchall()
assert stream1 == result[0][0]
Suggested fix:
do not apply string escaping to the bound values of a statement in any way and add unit tests to ensure this does not regress
Description: mysql-connector-python as of 9.3.0 cannot correctly persist a binary value that contains double percent signs in it. persisting the string b'binary data with %%s in it' into a BLOB column will show at the MySQL monitor: MySQL [test]> select * from binary_table; +---------------------------+ | data | +---------------------------+ | binary data with %s in it | +---------------------------+ 1 row in set (0.002 sec) whereas with 9.2.0 the two percent signs are maintained: MySQL [test]> select * from binary_table; +----------------------------+ | data | +----------------------------+ | binary data with %%s in it | +----------------------------+ 1 row in set (0.002 sec) a full Python script is provided below. It would appear that some kind of string escaping is being applied to the binary parameter itself which is inappropriate. this is a major blocking issue for all users of mysql-connector-python which IMO warrants immediate release. How to repeat: from mysql import connector stream1 = b"binary data with %%s in it" connection = connector.connect( user="scott", password="tiger", host="mysql80", database="test" ) cursor = connection.cursor() cursor.execute("DROP TABLE IF EXISTS binary_table") cursor.execute( """CREATE TABLE binary_table ( data BLOB )""" ) cursor.execute( """INSERT INTO binary_table (data) VALUES (%(data)s)""", {"data": stream1}, ) connection.commit() cursor.execute("""SELECT binary_table.data FROM binary_table""") result = cursor.fetchall() assert stream1 == result[0][0] Suggested fix: do not apply string escaping to the bound values of a statement in any way and add unit tests to ensure this does not regress