p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[3.2.x] Doc'd that RawSQL can be used with __in. 

Backport of e53159747c from main
This commit is contained in:
Simon Willison 2021-03-23 16:03:23 -07:00 committed by Carlton Gibson
parent e7ce304125
commit 601ceddf79
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/models/expressions.txt
View File

@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
In these edge cases, use the ``RawSQL`` expression. For example:: In these edge cases, use the ``RawSQL`` expression. For example::
>>> from django.db.models.expressions import RawSQL >>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,))) >>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
These extra lookups may not be portable to different database engines (because These extra lookups may not be portable to different database engines (because
you're explicitly writing SQL code) and violate the DRY principle, so you you're explicitly writing SQL code) and violate the DRY principle, so you
should avoid them if possible. should avoid them if possible.
``RawSQL`` expressions can also be used as the target of ``__in`` filters::
>>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
.. warning:: .. warning::
To protect against `SQL injection attacks To protect against `SQL injection attacks