summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Willison <swillison@gmail.com>2021-03-23 16:03:23 -0700
committerCarlton Gibson <carlton@noumenal.es>2021-03-25 10:28:20 +0100
commite53159747c53ca8db6c338998493fd8697d38fac (patch)
treec6888e6fe5df585907b3f9cd883f453617e11ccf
parentf3825248a2327b47798b358c96cfb183dcb49418 (diff)
Doc'd that RawSQL can be used with __in.
-rw-r--r--docs/ref/models/expressions.txt6
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/ref/models/expressions.txt b/docs/ref/models/expressions.txt
index 06d9887658..9ab502d244 100644
--- a/docs/ref/models/expressions.txt
+++ b/docs/ref/models/expressions.txt
@@ -699,12 +699,16 @@ Sometimes database expressions can't easily express a complex ``WHERE`` clause.
In these edge cases, use the ``RawSQL`` expression. For example::
>>> from django.db.models.expressions import RawSQL
- >>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))
+ >>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (param,)))
These extra lookups may not be portable to different database engines (because
you're explicitly writing SQL code) and violate the DRY principle, so you
should avoid them if possible.
+``RawSQL`` expressions can also be used as the target of ``__in`` filters::
+
+ >>> queryset.filter(id__in=RawSQL("select id from sometable where col = %s", (param,)))
+
.. warning::
To protect against `SQL injection attacks