| Bug #77660 | MySQLCursor.execute silently ignores params if wrong type | ||
|---|---|---|---|
| Submitted: | 8 Jul 2015 18:17 | ||
| Reporter: | Sebastian Eckweiler | Email Updates: | |
| Status: | Open | Impact on me: | |
| Category: | Connector / Python | Severity: | S4 (Feature request) |
| Version: | 2.0.4 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
Portions of this website are copyright © 2001, 2002 The PHP Group
Page generated in 0.050 sec. using MySQL 8.4.5-u2-cloud
Timestamp references displayed by the system are UTC.
Content reproduced on this site is the property of the
respective copyright holders.
It is not reviewed in advance
by Oracle and does not necessarily represent the opinion of
Oracle or any other party.
© 2025, Oracle Corporation and/or its affiliates
Description: MySQLCursor.execute silently ignores params that are neither list, tuple or dict instead of raising a TypeError, which would be the proper behaviour at this point. In addition, duck typing or using the abstract base classes in the collections module in favour of explicit type checks would allow direct use of other objects implementing either the sequence or mapping protocol instead of only lists, tuples and dicts. How to repeat: Invoke execute with params not being a tuple, list or dict: cursor.execute('SELECT * FROM my_table WHERE my_table.my_column = %s', SomeObject()) Will raise a ProgrammingError because of the not interpolated '%s'. Suggested fix: Raise a TypeError in cursor.py in the else branch of isinstance(params, dict) in line 499. Replace isinstance(params, dict) by isinstance(params, collections.Sequence) and isinstance(params, (list, tuple)) by isinstance(params, collections.Mapping) to support user defined sequences and mappings.