*Do not use string interpolation* as proposed by Bhoopesh!!! Take a look at:
- SQL injection <https://en.wikipedia.org/wiki/SQL_injection>
- SQL injection protection <https://docs.djangoproject.com/en/2.2/topics/security/#sql-injection-protection>
- Passing parameters into raw() <https://docs.djangoproject.com/en/2.2/topics/db/sql/#passing-parameters-into-raw>

On Friday, September 6, 2019 at 6:59:04 AM UTC-4, leb dev wrote:
>
> I have a Django project that is connected to a SQL Server database. I am
> trying to write a *select query*
>
> #convert the Django ORM into SQL query
> print("sql query = ",FilterQuery.query)
>
> *select * from table name where field name = user input*
>
> *Can anyone help me with this?*
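Added example, not part of the original messages or of Django's own code: the same lookup built once with string interpolation and once with a bound parameter, run against an in-memory SQLite database so it works offline. The `person` table, its rows, the function names and the `Person` model mentioned in the comment are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO person (name) VALUES (?)",
        [("alice",), ("bob",), ("o'brien",)],
    )
    return conn


def find_interpolated(conn, user_input):
    # Vulnerable: the input becomes part of the SQL text, so quote
    # characters in it change the structure of the statement.
    sql = "SELECT name FROM person WHERE name = '%s'" % user_input
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, user_input):
    # Safe: the SQL text is constant and the value travels separately.
    # sqlite3 uses "?" placeholders. Django's raw() and cursor.execute()
    # take "%s" placeholders (unquoted) plus a params list, e.g.
    #   Person.objects.raw(
    #       "SELECT * FROM app_person WHERE name = %s", [user_input])
    sql = "SELECT name FROM person WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print("interpolated :", find_interpolated(conn, crafted))
    print("parameterized:", find_parameterized(conn, crafted))
    # A legitimate value with an apostrophe also breaks the interpolated form.
    print("parameterized:", find_parameterized(conn, "o'brien"))
    try:
        find_interpolated(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("interpolated : query failed:", exc)
```

The interpolated query returns every row for the crafted input and raises a syntax error for the legitimate name `o'brien`, while the parameterized query treats both inputs as plain values.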