mirrors
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues 24 Releases Wiki Activity

Doc'd that RawSQL can be used with __in.

This commit is contained in:
Simon Willison 2021-03-23 16:03:23 -07:00 committed by Carlton Gibson
parent f3825248a2
commit e53159747c
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/models/expressions.txt
View File

@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
In these edge cases, use the ``RawSQL`` expression. For example:: In these edge cases, use the ``RawSQL`` expression. For example::
>>> from django.db.models.expressions import RawSQL >>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,))) >>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
These extra lookups may not be portable to different database engines (because These extra lookups may not be portable to different database engines (because
you're explicitly writing SQL code) and violate the DRY principle, so you you're explicitly writing SQL code) and violate the DRY principle, so you
should avoid them if possible. should avoid them if possible.
``RawSQL`` expressions can also be used as the target of ``__in`` filters::
>>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
.. warning:: .. warning::
To protect against `SQL injection attacks To protect against `SQL injection attacks