django raw without sql injection

Solutions on MaxInterview for django raw without sql injection by the best coders in the world

showing results for - "django raw without sql injection"
Carlie
25 Feb 2019
1# You MUST pass the parameters list to avoid SQL Injection
2# https://docs.djangoproject.com/en/3.2/topics/db/sql/#passing-parameters-into-raw
3
4>>> lname = 'Doe'
5>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s', [lname])
6