On Nov 9, 10:06 pm, xvga <vgri...@gmail.com> wrote:
> Hi All,
>
> my question is linked to this thread, so I post here
>
> I need to run sql query with LIKE and % in the end - I have tried %%
> and %%%%:
> CLASSNAME.objects.raw("select * from table where full_name like %s%%
> ", [user_input])
> this is what I get as sql:
> select * from table where full_name LIKE 'user_input'%
>
> I would like to use raw() method as it nicely maps data to model.
>
> Is there a way to append % to parameter so that LIKE works as
> startswith?
> or can I somehow securely escape input to use with format string?
>
> PS. I need object.raw(). I learned about djangoish way - but
> unfortunately it is not enough - I need raw sql
Well, if that's your actual query, you don't need raw SQL: you can
just do foo.objects.filter(full_name__icontains=user_input).
But presuming this is just an example, you'll need to include the % in
the user_input variable itself:
user_input = "%s%%" % user_input
CLASSNAME.objects.raw("select * from table where full_name like
%s", [user_input])
--
DR.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
