[Django]-Django and SQL Injection with example

8👍

Django has built-in SQL injection prevention in its queryset driver.

By using Django’s querysets, the resulting SQL will be properly escaped by the underlying database driver.

Because you’re using a queryset, you’re covered for SQL injection. You may want to check that you’re comfortable with the XSS protection that Django provides. Depending on how you use the data, you may need to escape it yourself.

👤Steve
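The distinction Steve draws is between SQL built by string formatting and SQL whose values are bound as parameters by the database driver. The following is an added example, not code from Steve's answer or from Django itself: it uses the standard-library sqlite3 module so it runs offline and shows both forms side by side on a constructed users table. In Django the safe form corresponds to `Model.objects.filter(username=name)`, or to `Model.objects.raw(sql, [name])` and `cursor.execute(sql, [name])` with `%s` placeholders; sqlite3 uses `?` instead. The function names and sample rows are this example's own.

```python
import sqlite3

# Constructed sample data for the example (not from the original post).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# A payload that turns the WHERE clause into a tautology if it is spliced
# into the SQL text instead of being bound as a parameter.
INJECTION = "' OR '1'='1"


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Anti-pattern: the caller's input becomes part of the SQL syntax.

    In Django this is the equivalent of formatting a value into the string
    handed to raw() or cursor.execute() instead of passing it as a parameter.
    """
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterised query: the driver binds the value, so quotes and
    keywords inside it are matched literally and never parsed as SQL.

    This is what a Django queryset (filter(username=username)) or
    raw("... WHERE username = %s", [username]) does for you; sqlite3's
    placeholder is '?' where Django's is '%s'.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with the injection payload and a normal username."""
    conn = make_db()
    return {
        # Tautology makes the WHERE clause always true: every row comes back.
        "unsafe": find_user_unsafe(conn, INJECTION),
        # The same string is looked up literally: no such user, no rows.
        "safe": find_user_safe(conn, INJECTION),
        # Ordinary input behaves the same in both forms.
        "safe_alice": find_user_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The unsafe lookup returns both rows for the tautology payload while the parameterised lookup returns none, which is the whole of what "properly escaped by the underlying database driver" buys you. The caveat in the answer still applies: binding parameters protects the query, not the HTML you later render, so values going into templates still rely on Django's autoescaping (or explicit escaping when you bypass it).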
