mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Subquery and Case Classes; Add Tests and Improve Documentation
This commit is contained in:
parent
b6ad8b687a
commit
5d2b5e3a25
@ -164,6 +164,13 @@ the ``Client`` has been with us, we could do so using lookups:
|
|||||||
... ).values_list("name", "discount")
|
... ).values_list("name", "discount")
|
||||||
<QuerySet [('Jane Doe', '5%'), ('James Smith', '0%'), ('Jack Black', '10%')]>
|
<QuerySet [('Jane Doe', '5%'), ('James Smith', '0%'), ('Jack Black', '10%')]>
|
||||||
|
|
||||||
|
The ``**extra`` kwargs are ``key=value`` pairs that can be interpolated
|
||||||
|
into the ``template`` attribute. To avoid an SQL injection vulnerability,
|
||||||
|
``extra`` :ref:`must not contain untrusted user input
|
||||||
|
<avoiding-sql-injection-in-query-expressions>` as these values are interpolated
|
||||||
|
into the SQL string rather than passed as query parameters, where the database
|
||||||
|
driver would escape them.
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Remember that the conditions are evaluated in order, so in the above
|
Remember that the conditions are evaluated in order, so in the above
|
||||||
|
@ -568,7 +568,7 @@ expressions. For more details see :doc:`conditional-expressions`.
|
|||||||
``Subquery()`` expressions
|
``Subquery()`` expressions
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
.. class:: Subquery(queryset, output_field=None)
|
.. class:: Subquery(queryset, output_field=None, **extra)
|
||||||
|
|
||||||
You can add an explicit subquery to a ``QuerySet`` using the ``Subquery``
|
You can add an explicit subquery to a ``QuerySet`` using the ``Subquery``
|
||||||
expression.
|
expression.
|
||||||
@ -593,6 +593,13 @@ On PostgreSQL, the SQL looks like:
|
|||||||
ORDER BY U0."created_at" DESC LIMIT 1
|
ORDER BY U0."created_at" DESC LIMIT 1
|
||||||
) AS "newest_commenter_email" FROM "post"
|
) AS "newest_commenter_email" FROM "post"
|
||||||
|
|
||||||
|
The ``**extra`` kwargs are ``key=value`` pairs that can be interpolated
|
||||||
|
into the ``template`` attribute. To avoid an SQL injection vulnerability,
|
||||||
|
``extra`` :ref:`must not contain untrusted user input
|
||||||
|
<avoiding-sql-injection-in-query-expressions>` as these values are interpolated
|
||||||
|
into the SQL string rather than passed as query parameters, where the database
|
||||||
|
driver would escape them.
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
The examples in this section are designed to show how to force
|
The examples in this section are designed to show how to force
|
||||||
|
@ -722,6 +722,22 @@ class CaseExpressionTests(TestCase):
|
|||||||
transform=itemgetter("integer", "integer2", "max"),
|
transform=itemgetter("integer", "integer2", "max"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_case_with_extra_kwargs(self):
|
||||||
|
case_expression = Case(
|
||||||
|
When(integer=1, then=Value(10)),
|
||||||
|
When(integer=2, then=Value(20)),
|
||||||
|
default=Value(0),
|
||||||
|
template="CASE %(cases)s ELSE %(default)s + 5 END",
|
||||||
|
)
|
||||||
|
self.assertListEqual(
|
||||||
|
list(
|
||||||
|
CaseTestModel.objects.annotate(values=case_expression).values_list(
|
||||||
|
"values", flat=True
|
||||||
|
)
|
||||||
|
),
|
||||||
|
[10, 20, 5, 20, 5, 5, 5],
|
||||||
|
)
|
||||||
|
|
||||||
def test_update(self):
|
def test_update(self):
|
||||||
CaseTestModel.objects.update(
|
CaseTestModel.objects.update(
|
||||||
string=Case(
|
string=Case(
|
||||||
|
Loading…
Reference in New Issue
Block a user