10

I know this may be something stupid but I decided to ask anyway.

I've been trying to query something like:

 cursor.execute("select col1, col2   \
                    from my_tablem \
                    where afield like '%%s%' \
                    and secondfield = %s \
                    order by 1 desc " % (var1, var2) )

But I get an error in the like sentence. It doesn't like the extra % which I need to get all the results that contain the first %s value.

Ideas?

TIA!

3
  • Thanks for your quick answers! StackOverflow rules. I've tried both your suggestions but they didn't work. Although I found a solution which I don't quite get, using: like '%%%%%s%%%%' PD: S.Lott: The actual query is a more complex grouping and sorting query Commented Mar 13, 2009 at 18:54
  • @Juan129: doesn't matter how complex it is. The question still stands. Why aren't you using the Django ORM? Commented Mar 13, 2009 at 18:58
  • Well, it's a query that uses two tables (big tables), groups them by a key and then joins to get another id. I thought grouping cannot be done in Django w/o querying many times? Commented Mar 14, 2009 at 18:47

4 Answers

9

First, why aren't you using the Django ORM for this?

MyClass.objects.filter( aField__contains=var1, secondField__exact=var2 )

Second, be sure you're getting the SQL you expect.

stmt = "select... afield like '%%%s%%' and secondfield = '%s'..." % (var1, var2)
print(stmt)
cursor.execute(stmt)

Third, your method has a security hole called a SQL Injection Attack. You really should not be doing SQL like this.

If you absolutely must do things outside Django's ORM, you have to use bind variables in your query, not string substitution. See http://docs.djangoproject.com/en/dev/topics/db/sql/#performing-raw-sql-queries.



9

Can you hack the string '%' into the search string?

var1 = '%' + var1 + '%'

then query normally:

cursor.execute("select col1, col2 \
                    from my_tablem \
                    where afield like %s \
                    and secondfield = %s \
                    order by 1 desc ", [var1, var2] )


5

I had a similar issue. I was trying to search among concatenated name fields. My query was something like:

sql = """SELECT * from auth_user WHERE lower(first_name) || ' ' || lower(last_name) = '%%%s%%'"""

User.objects.raw(sql, [q])

The problem was that the %% were breaking my query. The solution I wound up with was:

q = '%' + q + '%'
sql = """SELECT * from auth_user WHERE lower(first_name) || ' ' || lower(last_name) = %s"""

User.objects.raw(sql, [q])
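The three answers above make the same two points: put the LIKE wildcards inside the bound value rather than in the SQL text, and never build the statement by string substitution. The following is an added, runnable illustration of both, not code from any of the posters. It uses Python's sqlite3 module, so the placeholder is `?` instead of the `%s` that MySQLdb and psycopg2 use, and the table and rows are constructed for the demo. It also escapes `%` and `_` in the search term so that user input matches literally, which none of the answers do.

```python
import sqlite3

# Constructed sample rows for the demo (not from the original post).
ROWS = [
    ("alpha report", "x"),
    ("beta report", "x"),
    ("gamma report", "y"),
    ("100% done", "x"),
    ("under_score", "x"),
]


def make_db():
    """Create an in-memory table shaped like the question's my_tablem."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table my_tablem (afield text, secondfield text)")
    conn.executemany("insert into my_tablem values (?, ?)", ROWS)
    return conn


def format_like_in_question(var1, var2):
    """Reproduce the question's error.

    '%%' is a literal percent for the % operator, but the lone '%' before the
    closing quote starts a conversion spec that never finishes, so the
    operator raises ValueError before any SQL reaches the database.
    """
    try:
        return "where afield like '%%s%' and secondfield = %s" % (var1, var2)
    except ValueError as exc:
        return "ValueError: %s" % exc


def search_by_substitution(conn, term, second):
    """The '%%%s%%' pattern from the first answer: the SQL is built by string
    substitution. It works for plain words, but the data is pasted into the
    statement, so a value containing a quote breaks (or rewrites) the query.
    Returns None when the database rejects the statement."""
    stmt = ("select afield from my_tablem where afield like '%%%s%%' "
            "and secondfield = '%s' order by 1 desc" % (term, second))
    try:
        return [row[0] for row in conn.execute(stmt)]
    except sqlite3.Error:
        return None


def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters so the user's text matches literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search(conn, term, second, escape=True):
    """The pattern from the second and third answers: the wildcards go into
    the bound value and the driver quotes it, so quotes in the input are
    just data. With escape=True a '%' or '_' typed by the user is literal."""
    pattern = "%" + (escape_like(term) if escape else term) + "%"
    stmt = ("select afield from my_tablem where afield like ? escape '\\' "
            "and secondfield = ? order by 1 desc")
    return [row[0] for row in conn.execute(stmt, [pattern, second])]


if __name__ == "__main__":
    db = make_db()
    print(format_like_in_question("report", "x"))
    print(search_by_substitution(db, "report", "x"))
    print(search_by_substitution(db, "o'clock", "x"))   # None: statement rejected
    print(search(db, "o'clock", "x"))                   # []: handled as data
    print(search(db, "%", "x"), search(db, "%", "x", escape=False))
```

For drivers that use the `%s` placeholder (MySQLdb, psycopg2) the same approach applies; when a parameter list is passed, any literal percent left in the SQL text itself has to be written `%%`, which is the breakage the third answer ran into. Moving the wildcards into the parameter value avoids that entirely.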


0
Persona.objects.raw("SELECT id, concat_ws(' ', nombre, apellido) AS nombre_completo FROM persona GROUP BY id HAVING concat_ws(' ', nombre, apellido) ILIKE '%s' " % ('%%' + query + '%%'))

(Postgresql 9.1)
