Django framework, ~30 mins

SQL injection protection via ORM in Django - Mini Project: Build & Apply

📖 Scenario: You are building a simple Django app to manage a list of books in a library. Users can search for books by title. To keep the app safe, you want to protect it from SQL injection attacks by using Django's ORM properly.
🎯 Goal: Build a Django model for books, set up a search query using Django ORM to safely filter books by title, and complete the view to return the filtered results.
📋 What You'll Learn
Create a Django model named Book with fields title (string) and author (string).
Create a variable search_term with the exact value 'Django'.
Use Django ORM's filter() method with title__icontains=search_term to get matching books.
Complete the view function to return the filtered books queryset.
💡 Why This Matters
🌍 Real World
Web applications constantly query databases with values that come from users. Django's ORM methods such as filter() never splice those values into the SQL text; they are sent to the database driver as bound parameters, so a quote or a comment sequence in the input cannot change the structure of the query. That is what closes off SQL injection, a common and high-impact security risk. The protection is lost the moment you format user input into a string yourself, for example with raw() or extra() and an f-string, so keep user data in the params argument or in ORM lookups.
💼 Career
Understanding how to safely query databases using ORM is essential for backend developers to build secure web applications.
Step 1: Create the Book model
Create a Django model called Book with two fields: title and author, both as models.CharField with max_length=100.
Hint: Use models.CharField(max_length=100) for both fields inside the Book class.

Step 2: Set the search term variable
Create a variable called search_term and set it exactly to the string 'Django'. In a real application this value would come from user input, for example request.GET, which is exactly the case the ORM protects you in.
Hint: Assign the string 'Django' to the variable search_term.

Step 3: Filter books using ORM safely
Use Django ORM's Book.objects.filter() with title__icontains=search_term to create a variable called filtered_books that holds the filtered queryset.
Hint: Use Book.objects.filter(title__icontains=search_term) to get books with titles containing the search term.

Step 4: Complete the view function
Define a Django view function called search_books that takes request as a parameter and returns the filtered_books queryset. (This exercise checks for the queryset itself; a real Django view must return an HttpResponse, for example by passing the queryset to a template or serializing it with JsonResponse.)
Hint: Define a function search_books that returns the filtered_books queryset.
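The following is an added example, not part of the exercise or of Django itself. It shows concretely what the ORM's filter(title__icontains=...) buys you by running the same search three ways against an in-memory sqlite3 table (so it runs without Django installed): user input formatted into the SQL text, a bound parameter, and a bound parameter with the LIKE-wildcard escaping Django applies to contains lookups. The table name library_book, the sample rows and the function names are assumptions made for the demonstration; the Django code in the docstring is the reference solution to the four steps above.

```python
"""
Added example: what Book.objects.filter(title__icontains=term) protects against,
demonstrated with sqlite3 standing in for the database Django would talk to.

Reference solution to the exercise (assumes the model lives in an app named "library"):

    from django.db import models
    from django.http import JsonResponse

    class Book(models.Model):
        title = models.CharField(max_length=100)
        author = models.CharField(max_length=100)

    def search_books(request):
        search_term = 'Django'          # real code: request.GET.get("q", "")
        filtered_books = Book.objects.filter(title__icontains=search_term)
        return filtered_books           # exercise returns the queryset; a real view
                                        # would return JsonResponse(list(filtered_books.values()), safe=False)
"""
import sqlite3

# Constructed sample rows; the table mirrors the Book model (app label "library" assumed).
BOOKS = [
    ("Django for APIs", "William S. Vincent"),
    ("Two Scoops of Django", "Daniel Roy Greenfeld"),
    ("Flask Web Development", "Miguel Grinberg"),
]


def make_db():
    """Create an in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE library_book (id INTEGER PRIMARY KEY, title TEXT, author TEXT)")
    conn.executemany("INSERT INTO library_book (title, author) VALUES (?, ?)", BOOKS)
    return conn


def search_unsafe(conn, term):
    """VULNERABLE: the user's input becomes part of the SQL text. This is what
    Book.objects.raw(f"... WHERE title LIKE '%{term}%'") would do."""
    sql = f"SELECT title FROM library_book WHERE title LIKE '%{term}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    """Bound parameter: the value travels separately from the SQL text, so quotes
    and comment sequences in `term` cannot alter the query. Equivalent to
    Book.objects.raw("... WHERE title LIKE %s", ["%" + term + "%"]).
    LIKE wildcards typed by the user are still live: a logic hole, not injection."""
    sql = "SELECT title FROM library_book WHERE title LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def escape_like(value):
    """The escaping Django applies to contains/icontains values before binding them:
    backslash, percent and underscore are made literal."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_icontains(conn, term):
    """What filter(title__icontains=term) compiles to on SQLite: a bound parameter
    plus LIKE ... ESCAPE '\\', so `%` and `_` in the input match only themselves."""
    sql = "SELECT title FROM library_book WHERE title LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in conn.execute(sql, ("%" + escape_like(term) + "%",))]


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"
    print("unsafe        :", search_unsafe(conn, payload))         # every row leaks
    print("parameterized :", search_parameterized(conn, payload))  # []
    print("parameterized :", search_parameterized(conn, "%"))      # every row: wildcard still live
    print("icontains     :", search_icontains(conn, "%"))          # []
    print("icontains     :", search_icontains(conn, "django"))     # the two Django titles
```

Running it shows the tautology payload returning every row only through the formatted query; the parameterized versions treat it as a literal title fragment and return nothing. The third function is the behaviour you get from filter(title__icontains=search_term) for free: on top of parameter binding, a user typing "%" or "_" cannot turn the search into a match-everything or single-character wildcard.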