## select提供簡單數據
# SELECT age, (age > 18) as is_adult FROM myapp_person;
Person.objects.all().extra(select={‘is_adult‘: "age > 18"})

## where提供查詢條件
# SELECT * FROM myapp_person WHERE first||last ILIKE ‘jeffrey%‘;
Person.objects.all().extra(where=["first||last ILIKE ‘jeffrey%‘"])

## table連接其它表
 

# SELECT * FROM myapp_book, myapp_person WHERE last = author_last
Book.objects.all().extra(table=[‘myapp_person‘], where=[‘last = author_last‘])

## params添參數
# !! 錯誤的方式 !!
first_name = ‘Joe‘  # 如果first_name中有SQL特定字符就會出現漏洞
Person.objects.all().extra(where=["first = ‘%s‘" % first_name])
# 正確方式
Person.objects.all().extra(where=["
 
first = ‘%s‘"], params=[first_name])

extra源碼

def extra(self, select=None, where=None, params=None, tables=None,
              order_by=None, select_params=None):
        """
        Adds extra SQL fragments to the query.
        """
        assert self.query.can_filter(),                 "Cannot change a query once a slice has been taken
 
"
        clone = self._clone()
        clone.query.add_extra(select, select_params, where, params, tables, order_by)
        return clone

django模型方法extra