mirrors
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues 24 Releases Wiki Activity

Doc'd that RawSQL can be used with __in.

This commit is contained in:
Simon Willison 2021-03-23 16:03:23 -07:00 committed by Carlton Gibson
parent f3825248a2
commit e53159747c
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/models/expressions.txt
View File

@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
In these edge cases, use the ``RawSQL`` expression. For example::
>>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
These extra lookups may not be portable to different database engines (because
you're explicitly writing SQL code) and violate the DRY principle, so you
should avoid them if possible.
``RawSQL`` expressions can also be used as the target of ``__in`` filters::
>>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
.. warning::
To protect against `SQL injection attacks