Python Django queryset额外查询中的语法错误
以下内容包含语法错误:Python Django queryset额外查询中的语法错误,python,sql,django,django-queryset,Python,Sql,Django,Django Queryset,以下内容包含语法错误: date = datetime.now()-timedelta(minutes=30) articles = Article.objects.filter(published=True).extra(select = { "views" : """ SELECT COUNT(*) FROM myapp_readership JOIN myapp_article on myapp_readership.which_article_id = myapp_a
date = datetime.now()-timedelta(minutes=30)
articles = Article.objects.filter(published=True).extra(select = {
"views" : """
SELECT COUNT(*)
FROM myapp_readership
JOIN myapp_article on myapp_readership.which_article_id = myapp_article.id
WHERE myapp_readership.reader_id = myapp_user.id
AND myapp_readership.what_time > %s """ % date,
}).order_by("-views")
背景:与上述代码相关的型号为:
class Article(models.Model):
author = models.ForeignKey(User)
published = models.BooleanField(default=False)
class Readership(models.Model):
reader = models.ForeignKey(User)
which_article = models.ForeignKey(Article)
what_time = models.DateTimeField(auto_now_add=True)
我之所以编写上述代码,是因为我试图获取所有已发表的文章,并按照过去30分钟内每篇文章所经历的独特读者群进行排序。也就是说,计算在过去的半小时内,每篇发表的文章获得了多少不同(独特)的视图,然后生成一个按这些不同视图排序的文章列表。我的代码缺少处理需求的“独特”部分——我不知道如何在这里实现这一点 您永远不应该在SQL查询中使用字符串替换,无论这是否是额外调用的一部分。您已经发现了一个原因——因为没有正确引用值——但更重要的原因是它让您可以接受SQL注入 相反,使用db api提供的工具:在这种情况下,使用
select_params.extra(
select={
"views" : """
SELECT COUNT(*)
FROM myapp_readership
JOIN myapp_article on myapp_readership.which_article_id = myapp_article.id
WHERE myapp_readership.reader_id = myapp_user.id
AND myapp_readership.what_time > %s """
},
select_params=(date,),
)
另见附注;
extraextraselect_params.extra(
select={
"views" : """
SELECT COUNT(*)
FROM myapp_readership
JOIN myapp_article on myapp_readership.which_article_id = myapp_article.id
WHERE myapp_readership.reader_id = myapp_user.id
AND myapp_readership.what_time > %s """
},
select_params=(date,),
)
另见附注;
extra%smyapp\u readership.what\u time>'%s'