📜  Django raw without SQL injection - Python code example

📅  Last modified: 2022-03-11 14:46:54.852000             🧑  Author: Mango

Code example 1
# You MUST pass the parameters list to avoid SQL Injection
# https://docs.djangoproject.com/en/3.2/topics/db/sql/#passing-parameters-into-raw

>>> lname = 'Doe'
>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s', [lname])
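
The difference between passing the parameters list and formatting the value into the SQL string, as an added example that is not part of the original page. It assumes the standard-library sqlite3 module as a stand-in for a Django database connection so it runs without a project; the function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample rows standing in for the myapp_person table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE myapp_person "
        "(id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO myapp_person (first_name, last_name) VALUES (?, ?)",
        [("John", "Doe"), ("Jane", "Roe"), ("Pat", "O'Brien")],
    )
    return conn


def find_unsafe(conn, lname):
    # Anti-pattern: the value is formatted into the SQL text, so the
    # database parses it as part of the statement.
    sql = (
        "SELECT first_name FROM myapp_person "
        "WHERE last_name = '%s' ORDER BY id" % lname
    )
    return [row[0] for row in conn.execute(sql)]


def find_safe(conn, lname):
    # The value is passed separately from the SQL text and is only ever
    # treated as data. sqlite3 spells the placeholder "?"; Django's raw()
    # uses an unquoted "%s" plus the params list, as in the snippet above.
    sql = "SELECT first_name FROM myapp_person WHERE last_name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, [lname])]


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", find_unsafe(conn, hostile))  # every row comes back
    print("safe:  ", find_safe(conn, hostile))    # no row has that last name
    print("safe:  ", find_safe(conn, "O'Brien"))  # a legitimate quote works
    try:
        find_unsafe(conn, "O'Brien")
    except sqlite3.Error as exc:
        print("unsafe breaks on a legitimate name:", exc)
```

The same rule carries over to raw(): keep the %s placeholder unquoted in the SQL string and supply the values only through the params argument.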