Re: how to pass user input into raw sql query ?

Sent from my Samsung Galaxy smartphone. I tried daniel solution and this was right. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: how to pass user input into raw sql query ?

*Do not use string interpolation* as proposed by Bhoopesh!!! Take a look at: - SQL injection - SQL injection protection

Re: how to pass user input into raw sql query ?

On Sat., Sep. 7, 2019, 8:21 a.m. Daniel Roseman, wrote: > On Friday, 6 September 2019 20:39:58 UTC+1, Bhoopesh sisoudiya wrote: >> >> Hi Lev dev, >> >> Write your query like this >> >> >> sqlRawQuery = "Your query ... Field name= {}".format (userInput) >> >> Thanks >> Bhoopesh Kumar >> >> >>>

Re: how to pass user input into raw sql query ?

On Friday, 6 September 2019 20:39:58 UTC+1, Bhoopesh sisoudiya wrote: > > Hi Lev dev, > > Write your query like this > > > sqlRawQuery = "Your query ... Field name= {}".format (userInput) > > Thanks > Bhoopesh Kumar > > >> >> No. Do **not** do this, ever. Use SQL parameters: query =

Re: how to pass user input into raw sql query ?

Hi Lev dev, Write your query like this sqlRawQuery = "Your query ... Field name= {}".format (userInput) Thanks Bhoopesh Kumar On Fri, Sep 6, 2019, 4:29 PM leb dev wrote: > i have a django project that is connected to sql server database i am > trying to write a *select query * #convert

how to pass user input into raw sql query ?

i have a django project that is connected to sql server database i am trying to write a *select query * #convert the Django ORM into SQL query print("sql query = ",FilterQuery.query) *select * from table name where filed name = user input * *can anyone help me with this?* -- You