*Do not use string interpolation* as proposed by Bhoopesh!!! Take a look at:
- SQL injection <https://en.wikipedia.org/wiki/SQL_injection>
- SQL injection protection <https://docs.djangoproject.com/en/2.2/topics/security/#sql-injection-protection>

and

- Passing parameters into raw() <https://docs.djangoproject.com/en/2.2/topics/db/sql/#passing-parameters-into-raw>

On Friday, September 6, 2019 at 6:59:04 AM UTC-4, leb dev wrote:
>
> I have a Django project that is connected to a SQL Server database. I am
> trying to write a *select query*
>
> #convert the Django ORM into SQL query
> print("sql query = ",FilterQuery.query)
>
> *select * from table name where field name = user input*
>
> *Can anyone help me with this?*
>
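The difference between interpolating user input and passing it as a parameter, as an added example that is not part of the original thread. It uses the standard-library `sqlite3` module so it runs without a Django project or SQL Server; the `person` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a small in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO person (name) VALUES (?)",
        [("alice",), ("bob",), ("o'brien",)],
    )
    return conn

def find_interpolated(conn, user_input):
    """UNSAFE: the user's text becomes part of the SQL statement itself."""
    sql = "SELECT name FROM person WHERE name = '%s'" % user_input
    return [row[0] for row in conn.execute(sql)]

def find_parameterized(conn, user_input):
    """SAFE: the SQL text is constant and the driver binds the value separately.

    sqlite3 uses '?' as the placeholder. Django always uses an unquoted %s
    with the values in a list, e.g. (Person is a hypothetical model):
        Person.objects.raw("SELECT * FROM app_person WHERE name = %s", [user_input])
    """
    sql = "SELECT name FROM person WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]

# Constructed inputs: a plain name, a legitimate name containing a quote,
# and a value that contains SQL syntax.
NORMAL = "alice"
QUOTED = "o'brien"
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    for value in (NORMAL, QUOTED, CRAFTED):
        try:
            unsafe = find_interpolated(conn, value)
        except sqlite3.OperationalError as exc:
            unsafe = "error: %s" % exc  # a benign quote already breaks the query
        print("%-16r interpolated=%s parameterized=%s"
              % (value, unsafe, find_parameterized(conn, value)))
```

With interpolation the crafted value changes the `WHERE` clause and every row comes back, and even the legitimate name with an apostrophe produces a syntax error; with a bound parameter both values are compared as plain strings.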

