mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-05 03:29:12 +00:00
Code Issues 32 Releases Wiki Activity

[3.2.x] Doc'd that RawSQL can be used with __in.

Browse Source 
Backport of e53159747c53ca8db6c338998493fd8697d38fac from main
This commit is contained in:
Simon Willison 2021-03-23 16:03:23 -07:00 committed by Carlton Gibson
parent e7ce304125
commit 601ceddf79
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/models/expressions.txt
View File

@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
In these edge cases, use the ``RawSQL`` expression. For example:: In these edge cases, use the ``RawSQL`` expression. For example::
>>> from django.db.models.expressions import RawSQL >>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,))) >>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
These extra lookups may not be portable to different database engines (because These extra lookups may not be portable to different database engines (because
you're explicitly writing SQL code) and violate the DRY principle, so you you're explicitly writing SQL code) and violate the DRY principle, so you
should avoid them if possible. should avoid them if possible.
``RawSQL`` expressions can also be used as the target of ``__in`` filters::
>>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
.. warning:: .. warning::
To protect against `SQL injection attacks To protect against `SQL injection attacks