`&` character in database password gives error with django dbshell

Question

I'm using an & ampersand sign in my database password in Django. The settings.py file looks like this :

DATABASES = {
    'default': {
        'ENGINE'    : 'django.db.backends.mysql',
        'NAME'      : 'testdb',
        'USER'      : 'user1',
        'PASSWORD'  : 'pass&word',
        'HOST'      : '', 
        'PORT'      : '',
    }
}

I get the following error with dbshell

$ python manage.py dbshell

Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'user1'@'localhost' (using password: YES)
'word' is not recognized as an internal or external command,
operable program or batch file.

If my password is pass&word, you can see that the command breaks after & character. How do I get around this (other than changing my password). Is it a Django bug or should I escape the character?

P.S. python manage.py runserver works without any problems. Using command prompt on Win7.

Answer 1

Bug in Django.

Ticket : https://code.djangoproject.com/ticket/22234
Fix      : https://github.com/django/django/pull/2412
Credit : @lanzz