SQL LIKE in Django/Python
I'm trying to run a query like this:
    SELECT *
    FROM
        MyTable
    WHERE
        FirstName LIKE '%[user inputted value here]%'
    OR
        LastName LIKE '%[that same user inputted value]%'
    AND
        UserID = some number
When I run the query using cursor.execute(), the inputted values are going to be escaped and quoted, which is causing an incorrect query to run. Is there a way to prevent the user inputted values from being quoted?
I'd prefer a solution not using Django's ORM, since the actual query is much more complicated than my example.
Use foo__contains=realvaluehere in your queries.
Hmm, looks like I overestimated the escapy-ness of the API. This works exactly how I want it to:

    from django.db import connection

    # add wildcards to query, these are **not** escaped
    q = "%" + q + "%"
    cursor = connection.cursor()
    # triple-quoted string so the SQL statement can span several lines
    cursor.execute("""SELECT *
        FROM MyTable
        WHERE
            LastName LIKE %s
        AND
            FirstName LIKE %s
        AND
            UserID = %s""", [q, q, user_id])
    results = cursor.fetchall()
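
An added example, not part of the original posts: binding the pattern as a parameter handles quoting, but any % or _ the user types still acts as a LIKE wildcard, and the question's unparenthesized OR/AND applies the UserID filter to only one branch. It uses the standard-library sqlite3 module (placeholder ?, where Django's cursor takes %s) so it runs without a Django project; escape_like, search, the '!' escape character and the sample rows are assumptions of this example.

```python
import sqlite3

ESC = "!"  # LIKE escape character chosen for this example (an assumption)

def escape_like(term):
    """Make %, _ and the escape character match literally inside LIKE."""
    # ESC goes first, so the escapes added for % and _ are not escaped again.
    for ch in (ESC, "%", "_"):
        term = term.replace(ch, ESC + ch)
    return term

# Shape of the query in the question: AND binds tighter than OR, so the
# UserID filter applies only to the LastName branch.
UNSCOPED = """
    SELECT FirstName, LastName, UserID FROM MyTable
    WHERE FirstName LIKE ? ESCAPE '!'
       OR LastName LIKE ? ESCAPE '!'
      AND UserID = ?
    ORDER BY UserID, LastName"""

# Parentheses make the UserID filter apply to both name matches.
SCOPED = """
    SELECT FirstName, LastName, UserID FROM MyTable
    WHERE (FirstName LIKE ? ESCAPE '!' OR LastName LIKE ? ESCAPE '!')
      AND UserID = ?
    ORDER BY UserID, LastName"""

def search(conn, sql, term, user_id, escape=True):
    """Substring search: wildcards are added in code, values are bound."""
    pattern = "%" + (escape_like(term) if escape else term) + "%"
    return conn.execute(sql, [pattern, pattern, user_id]).fetchall()

def demo_connection():
    """In-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyTable (FirstName TEXT, LastName TEXT, UserID INTEGER)")
    conn.executemany("INSERT INTO MyTable VALUES (?, ?, ?)", [
        ("Ann", "Smith", 1), ("Bob", "O'Brien", 1),
        ("100%", "Match", 1), ("Ann", "Other", 2)])
    return conn

if __name__ == "__main__":
    conn = demo_connection()
    print(search(conn, SCOPED, "O'Brien", 1))          # quote handled by binding
    print(search(conn, SCOPED, "%", 1, escape=False))  # every row for user 1
    print(search(conn, SCOPED, "%", 1))                # only the literal '%' row
    print(search(conn, UNSCOPED, "Ann", 1))            # also returns a UserID 2 row
```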