db.models.expressions.RawSQL

class RawSQL(sql, params, output_field=None)

Sometimes database expressions can’t easily express a complex WHERE clause. In these edge cases, use the RawSQL expression. For example:

>>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

Annotations written this way may not be portable to other database engines (you are writing SQL for one backend by hand) and duplicate logic the ORM already expresses, so prefer the built-in expressions and lookups where they will do.

Warning

Pass every value the user can influence through params rather than formatting it into the sql string: the database adapter binds each parameter separately, so the value is never parsed as SQL. params is a required argument to force you to acknowledge that you're not interpolating your SQL with user-provided data. Write the placeholder bare (%s, not '%s'); the adapter adds whatever quoting the value needs, and a quoted placeholder is not treated as a parameter on every backend. Only values can be bound this way. A column or table name taken from user input cannot go through params and must be checked against a fixed allowlist before it is placed in the SQL string.
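The following added example is not from the Django documentation. It reproduces the distinction with Python's standard sqlite3 module instead of a Django model, because a RawSQL's sql and params reach the backend cursor's execute() in the same form (on SQLite, Django rewrites %s to the driver's ? placeholder). It shows the interpolated query being subverted, the bound query rejecting the same input, the quoted-placeholder mistake, and an allowlist for a user-chosen column name. The table sometable, its rows and the allowlist ALLOWED_COLUMNS are constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for "sometable" from the page's example.
ROWS = [("alice", "admin", 10), ("bob", "user", 20), ("carol", "user", 30)]

# Constructed allowlist of identifiers a caller may select; identifiers cannot be bound.
ALLOWED_COLUMNS = {"col", "role"}


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sometable (othercol TEXT, role TEXT, col INTEGER)")
    conn.executemany("INSERT INTO sometable VALUES (?, ?, ?)", ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn, othercol):
    """The mistake the warning is about: user data formatted into the SQL text."""
    sql = "SELECT col FROM sometable WHERE othercol = '%s' ORDER BY col" % othercol
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, othercol):
    """Equivalent of RawSQL("... WHERE othercol = %s", (othercol,)):
    the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT col FROM sometable WHERE othercol = ? ORDER BY col"
    return [row[0] for row in conn.execute(sql, (othercol,))]


def lookup_quoted_placeholder(conn, othercol):
    """The quoted-placeholder mistake: '?' is a one-character string literal,
    so the driver sees zero placeholders and one parameter and refuses the query.
    The error message is returned so the failure can be inspected."""
    sql = "SELECT col FROM sometable WHERE othercol = '?'"
    try:
        return [row[0] for row in conn.execute(sql, (othercol,))]
    except sqlite3.ProgrammingError as exc:
        return str(exc)


def lookup_by_column(conn, column, othercol):
    """A user-chosen column name cannot be bound, so it is checked against the
    allowlist before being formatted in; the value still goes through params."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed: %r" % (column,))
    sql = "SELECT %s FROM sometable WHERE othercol = ?" % column
    return [row[0] for row in conn.execute(sql, (othercol,))]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("unsafe, honest input:  ", lookup_unsafe(db, "alice"))
    print("unsafe, injected input:", lookup_unsafe(db, payload))
    print("safe, injected input:  ", lookup_safe(db, payload))
    print("quoted placeholder:    ", lookup_quoted_placeholder(db, "alice"))
    print("allowlisted column:    ", lookup_by_column(db, "role", "bob"))
```

With the payload x' OR '1'='1 the interpolated query becomes WHERE othercol = 'x' OR '1'='1' and returns every row, while the bound query compares the whole payload as one string and matches nothing. The same holds for any RawSQL whose user-controlled values go through params and whose identifiers come only from a fixed set.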

doc_Django
2016-10-09 18:35:20