
How can you safely execute a raw SQL query with user input in Django ORM?

Django - Security Best Practices, Question 9 of 15 (difficulty: hard)

A. Use raw() with parameter placeholders and pass the parameters as a tuple
B. Use raw() with f-string interpolation
C. Concatenate user input into the raw SQL string
D. Use filter() with a raw SQL string
Step-by-Step Solution
Solution:
  1. Step 1: Understand raw() parameterization

    Model.objects.raw(sql, params) accepts %s placeholders in the SQL string (on every backend; Django translates them for the driver) and a list or tuple of values. The values are sent to the database separately from the query text, so they are never parsed as SQL. Named placeholders of the form %(name)s with a dict of params are also accepted.
  2. Step 2: Avoid unsafe string interpolation

    f-strings, %-formatting, .format() and concatenation put the user's text inside the query before the database sees it, so a value such as x' OR '1'='1 changes the query's logic instead of being compared as data. Option D fails for a different reason: filter() takes field lookups, not SQL text.
  3. Final Answer:

    Use raw() with parameter placeholders and pass parameters as a tuple -> Option A
  4. Quick Check:

    Safe raw SQL = Parameter placeholders + tuple [OK]
    Two caveats: a raw() query must select the model's primary key column, and when params are passed a literal % in the SQL must be written as %%.
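A runnable illustration of the point above, added here and not part of the original quiz. The two lookups run against an in-memory SQLite table filled with constructed sample rows, so the unsafe and the parameterised variant can be compared offline. Python's sqlite3 driver uses ? placeholders, whereas Django uses %s on every backend; the Django form of the same query is in django_lookup(), which assumes a hypothetical myapp.models.User model on table app_user and a configured Django project, so it is shown but not exercised.

```python
"""Parameterised raw SQL vs. string interpolation, demonstrated on SQLite.

The sample table and rows are constructed for this demo. The Django call in
django_lookup() follows the same DB-API pattern that raw() relies on.
"""
import sqlite3


def make_db():
    """Create an in-memory database with a small constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE app_user (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO app_user (username, is_admin) VALUES (?, ?)",
        [("alice", 0), ("bob", 1), ("carol", 0)],
    )
    conn.commit()
    return conn


def lookup_interpolated(conn, username):
    """VULNERABLE: the user's text becomes part of the SQL before parsing."""
    sql = f"SELECT id, username FROM app_user WHERE username = '{username}' ORDER BY id"
    return [row[1] for row in conn.execute(sql)]


def lookup_parameterised(conn, username):
    """SAFE: the driver sends the value separately; it can only ever be data."""
    sql = "SELECT id, username FROM app_user WHERE username = ? ORDER BY id"
    return [row[1] for row in conn.execute(sql, (username,))]


def django_lookup(username):
    """Same query through Django's raw() (not run here: needs a configured project).

    Django uses %s placeholders regardless of backend and translates them for
    the driver. params may be a list or tuple, or a dict with %(name)s
    placeholders. The query must select the primary key column (id), and the
    placeholder must NOT be quoted by hand ('%s' is wrong).
    """
    from myapp.models import User  # hypothetical app model, assumed here

    return list(
        User.objects.raw(
            "SELECT id, username FROM app_user WHERE username = %s", [username]
        )
    )


# Classic tautology payload: closes the quoted literal and appends OR '1'='1'.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("interpolated :", lookup_interpolated(conn, PAYLOAD))   # every user leaks
    print("parameterised:", lookup_parameterised(conn, PAYLOAD))  # no user matches
```

Run the file and the interpolated lookup returns every row for the payload, while the parameterised one returns nothing, because the database compared the whole string x' OR '1'='1 against the username column as a value.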
Quick Trick: Use raw() with parameters tuple, not string interpolation [OK]
Common Mistakes:
  • Using f-strings (or %-formatting / .format()) to build the SQL passed to raw()
  • Concatenating user input into SQL
  • Quoting the placeholder by hand ('%s'): the driver adds the quoting, so the query is wrong
