In Django ORM, parameters can be passed dynamically
2024
1. Basic Query with Parameters
You can use keyword arguments to filter or modify the query.
Example:
field_name = "title"
value = "Fan"
products = Product.object.filter(**{field_name: value})
filter(**{field_name: value}): Dynamically constructs the query by passing a dictionary of field-value pairs.
Equivalent Query:
SELECT * FROM products WHERE title = 'Product A';
2. Passing Multiple Parameters
You can pass multiple parameters dynamically by extending the dictionary.
Example:
query_params = {
"price__gte": 100,
"proce_lte": 200,
}
products = Product.objects.filter(**query_params)Equivalent Query:
SELECT * FROM products WHERE price >= 10 AND price <= 100;
3. Dynamic Ordering
You can dynamically pass field names into the .order_by() method.
Example:
pythonCopy codeorder_by_field = "-price" # Use '-' for descending order
products = Product.objects.all().order_by(order_by_field)
Equivalent Query:
sqlCopy codeSELECT * FROM products ORDER BY price DESC;
4. Using get() with Parameters
For fetching a single record, use get() with parameters.
Example:
pythonCopy codefield_name = "id"
value = 1
product = Product.objects.get(**{field_name: value})
Equivalent Query:
sqlCopy codeSELECT * FROM products WHERE id = 1;
5. Combining filter() and exclude()
You can dynamically pass parameters to filter or exclude results.
Example:
pythonCopy codefilter_params = {"price__gte": 20}
exclude_params = {"title__icontains": "outdated"}
products = Product.objects.filter(**filter_params).exclude(**exclude_params)
Equivalent Query:
sqlCopy codeSELECT * FROM products WHERE price >= 20 AND title NOT LIKE '%outdated%';
6. Passing Parameters to Query Annotations
You can dynamically pass parameters for annotations.
Example:
pythonCopy codefrom django.db.models import F
discount_field = "price"
discount_value = 0.9
products = Product.objects.annotate(discounted_price=F(discount_field) * discount_value)
7. Using Q Objects for Complex Queries
When combining conditions with OR or dynamically constructing complex conditions, use Q objects.
Example:
pythonCopy codefrom django.db.models import Q
filter_field = "title"
value = "Special Product"
products = Product.objects.filter(Q(**{filter_field: value}) | Q(price__lt=10))
Equivalent Query:
sqlCopy codeSELECT * FROM products WHERE title = 'Special Product' OR price < 10;
8. Pagination with Parameters
You can use dynamic parameters for slicing.
Example:
pythonCopy codestart = 0
end = 10
products = Product.objects.all()[start:end]
Equivalent Query:
sqlCopy codeSELECT * FROM products LIMIT 10 OFFSET 0;
9. Custom SQL with Raw Queries
For raw SQL queries, parameters can be passed using placeholders.
Example:
pythonCopy codefrom django.db import connection
title_param = "Product A"
with connection.cursor() as cursor:
cursor.execute("SELECT * FROM products WHERE title = %s", [title_param])
rows = cursor.fetchall()
Best Practices
- Validation: Always validate parameters passed dynamically to prevent incorrect queries.
- Avoid Raw SQL if Possible: Use Django ORM wherever possible to leverage its built-in protection against SQL injection.
- Dynamic Filtering Helper: Create a helper function to build dynamic queries if you often need flexible filtering.
