mirror of
https://github.com/django/django.git
synced 2025-06-05 03:29:12 +00:00
[3.2.x] Doc'd that RawSQL can be used with __in.
Backport of e53159747c53ca8db6c338998493fd8697d38fac from main
This commit is contained in:
parent
e7ce304125
commit
601ceddf79
@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
|
|||||||
In these edge cases, use the ``RawSQL`` expression. For example::
|
In these edge cases, use the ``RawSQL`` expression. For example::
|
||||||
|
|
||||||
>>> from django.db.models.expressions import RawSQL
|
>>> from django.db.models.expressions import RawSQL
|
||||||
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))
|
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
|
||||||
|
|
||||||
These extra lookups may not be portable to different database engines (because
|
These extra lookups may not be portable to different database engines (because
|
||||||
you're explicitly writing SQL code) and violate the DRY principle, so you
|
you're explicitly writing SQL code) and violate the DRY principle, so you
|
||||||
should avoid them if possible.
|
should avoid them if possible.
|
||||||
|
|
||||||
|
``RawSQL`` expressions can also be used as the target of ``__in`` filters::
|
||||||
|
|
||||||
|
>>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
|
||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
To protect against `SQL injection attacks
|
To protect against `SQL injection attacks
|
||||||
|
Loading…
x
Reference in New Issue
Block a user