
SQL LIKE in Django/Python

I'm trying to run a query like this:

SELECT * 
FROM 
    MyTable 
WHERE 
    FirstName LIKE '%[user inputted value here]%' 
    OR 
    LastName LIKE '%[that same user inputted value]%' 
    AND 
    UserID = some number

When I run the query using cursor.execute(), the inputted values are going to be escaped and quoted, which is causing an incorrect query to run. Is there a way to prevent the user inputted values from being quoted?

I'd prefer a solution not using Django's ORM, since the actual query is much more complicated than my example.

Use foo__contains=realvaluehere in the query.

Hmm, looks like I overestimated the escapy-ness of the API. This works exactly how I want it to:

from django.db import connection

# add wildcards to query, these are **not** escaped
q = "%" + q + "%"
cursor = connection.cursor()
# triple-quoted so the SQL string can span several lines
cursor.execute("""SELECT *
                FROM MyTable
                WHERE
                  LastName LIKE %s
                  AND
                  FirstName LIKE %s
                  AND
                  UserID = %s""", [q, q, user_id])
results = cursor.fetchall()
