Diffstat (limited to 'docs/topics/db/sql.txt')
| -rw-r--r-- | docs/topics/db/sql.txt | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/docs/topics/db/sql.txt b/docs/topics/db/sql.txt index 4504eb6fce..6aafa2c3b5 100644 --- a/docs/topics/db/sql.txt +++ b/docs/topics/db/sql.txt @@ -49,7 +49,8 @@ This method takes a raw SQL query, executes it, and returns a can be iterated over like a normal :class:`~django.db.models.query.QuerySet` to provide object instances. -This is best illustrated with an example. Suppose you have the following model:: +This is best illustrated with an example. Suppose you have the following +model:: class Person(models.Model): first_name = models.CharField(...) @@ -93,13 +94,13 @@ make it very powerful. .. warning:: - If you are performing queries on MySQL, note that MySQL's silent type coercion - may cause unexpected results when mixing types. If you query on a string - type column, but with an integer value, MySQL will coerce the types of all values - in the table to an integer before performing the comparison. For example, if your - table contains the values ``'abc'``, ``'def'`` and you query for ``WHERE mycolumn=0``, - both rows will match. To prevent this, perform the correct typecasting - before using the value in a query. + If you are performing queries on MySQL, note that MySQL's silent type + coercion may cause unexpected results when mixing types. If you query on a + string type column, but with an integer value, MySQL will coerce the types + of all values in the table to an integer before performing the comparison. + For example, if your table contains the values ``'abc'``, ``'def'`` and you + query for ``WHERE mycolumn=0``, both rows will match. To prevent this, + perform the correct typecasting before using the value in a query. Mapping query fields to model fields ------------------------------------ 
@@ -302,8 +303,8 @@ For example:: To protect against SQL injection, you must not include quotes around the ``%s`` placeholders in the SQL string. -Note that if you want to include literal percent signs in the query, you have to -double them in the case you are passing parameters:: +Note that if you want to include literal percent signs in the query, you have +to double them in the case you are passing parameters:: cursor.execute("SELECT foo FROM bar WHERE baz = '30%'") cursor.execute("SELECT foo FROM bar WHERE baz = '30%%' AND id = %s", [self.id]) |
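Review bot: In the MySQL warning hunk (@@ -93,13 +94,13 @@), the last sentence, "perform the correct typecasting before using the value in a query", does not say what to cast. The scenario described is a string column compared with an integer value, so the fix is to convert the value to the column's type (a string here) before it reaches the query. Since these lines are being rewrapped anyway, consider spelling that out. The added lines otherwise carry the same words as the removed ones, so nothing else needs review in this hunk.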
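Review bot: In the percent-sign hunk (@@ -302,8 +303,8 @@), "in the case you are passing parameters" is awkward, and the rewrap is a chance to tighten it to "when you are passing parameters". The two example lines that follow differ only in whether a parameter list is passed, but nothing marks that as the reason one uses '30%' and the other '30%%'; a short comment on each line would make the rule visible. The quoted literal '30%%' also sits directly under the sentence forbidding quotes around ``%s`` placeholders, so it is worth a few words saying that the rule covers placeholders, not string literals.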
