3
.full_clean(…) [Django-doc] does not perform any checks on SQL injection, nor does the Django ORM, since it simply escapes all parameters; so even if the data contains SQL statements, these are escaped, and therefore, normally, SQL injection is not possible.
But you need to run full_clean to validate data integrity. If you define constraints on your model, these are normally validated in the full_clean step. The ORM does not run these checks.
You thus can work with:
```python
obj = Mymodel(**data)   # build the instance; nothing is validated yet
obj.full_clean()        # raises ValidationError if a field or model constraint fails
obj.save()              # parameterised INSERT/UPDATE issued by the ORM
```
The reason that I am not using a form is that the logic on the form is quite complex in that it dynamically builds a form.
A form can remove a lot of boilerplate code, since it not only performs validation but also cleaning, it makes error messages more convenient, etc.
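To make the distinction in this answer concrete without a Django project, here is an added example (not from the answer, and not Django's own code) using Python's sqlite3 module. It shows a string-formatted INSERT that an SQL payload breaks out of, the same INSERT with parameter binding (the mechanism behind the ORM's protection), and a hand-written validate() standing in for the checks full_clean() performs. The person table, its field rules, and the three sample rows are constructed for the example.

```python
import re
import sqlite3

# Constructed sample rows: one valid, one whose name carries an SQL payload,
# one that is harmless SQL-wise but violates the integrity rules.
SQL_PAYLOAD = "x', 'e', 0); DROP TABLE person; --"
SAMPLE_ROWS = [
    {"name": "alice", "email": "alice@example.com", "age": 30},
    {"name": SQL_PAYLOAD, "email": "bob@example.com", "age": 41},
    {"name": "carol", "email": "not-an-email", "age": 200},
]

# Hypothetical field rules standing in for what a Django model would declare
# (max_length, an EmailField validator, a range check). full_clean() enforces
# such rules; a bare save() does not.
MAX_NAME_LENGTH = 20
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate(row):
    """Application-level integrity checks, the role full_clean() plays.
    Returns a list of error messages; empty means the row is clean."""
    errors = []
    if len(row["name"]) > MAX_NAME_LENGTH:
        errors.append("name: longer than %d characters" % MAX_NAME_LENGTH)
    if not EMAIL_RE.match(row["email"]):
        errors.append("email: not a valid address")
    if not 0 <= row["age"] <= 150:
        errors.append("age: out of range")
    return errors


def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite does not enforce VARCHAR(20), just as the database does not
    # enforce max_length on most Django backends: validation must happen in
    # the application before save().
    conn.execute(
        "CREATE TABLE person (id INTEGER PRIMARY KEY, name VARCHAR(20), "
        "email TEXT, age INTEGER)"
    )
    return conn


def insert_unsafe(conn, row):
    """String-formatted SQL: the value is parsed as part of the statement."""
    sql = "INSERT INTO person (name, email, age) VALUES ('%s', '%s', %d)" % (
        row["name"], row["email"], row["age"])
    # executescript runs every statement in the string, so the payload's
    # DROP TABLE executes right after its truncated INSERT.
    conn.executescript(sql)


def insert_safe(conn, row):
    """Parameter binding: the value travels separately from the SQL text,
    which is what the Django ORM does for every query it builds."""
    conn.execute(
        "INSERT INTO person (name, email, age) VALUES (?, ?, ?)",
        (row["name"], row["email"], row["age"]),
    )


def table_exists(conn):
    n = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'person'"
    ).fetchone()[0]
    return n == 1


def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM person ORDER BY id")]


def demo_unsafe():
    """Formatted SQL: the payload drops the table. Returns whether it survived."""
    conn = open_db()
    for row in SAMPLE_ROWS:
        try:
            insert_unsafe(conn, row)
        except sqlite3.Error:
            pass  # rows after the DROP fail because the table is gone
    return table_exists(conn)


def demo_orm_style():
    """Parameterised inserts without validation: no injection, but the 34-char
    name and the out-of-range row are stored anyway. Returns the stored names."""
    conn = open_db()
    for row in SAMPLE_ROWS:
        insert_safe(conn, row)
    return stored_names(conn)


def demo_full_clean_style():
    """validate() before insert_safe(): only the clean row reaches the database.
    Returns (stored names, {rejected name: errors})."""
    conn = open_db()
    rejected = {}
    for row in SAMPLE_ROWS:
        errors = validate(row)
        if errors:
            rejected[row["name"]] = errors
            continue
        insert_safe(conn, row)
    return stored_names(conn), rejected


if __name__ == "__main__":
    print("table survives formatted SQL:", demo_unsafe())
    print("stored by parameterised save():", demo_orm_style())
    print("stored after validation:", demo_full_clean_style())
```

demo_orm_style() is the situation the question describes: Mymodel(**data).save() with no full_clean() is injection-safe, yet the over-long name and the impossible age land in the table because neither the ORM nor SQLite checks them. demo_full_clean_style() is the obj.full_clean(); obj.save() pattern from the answer, with the rejected rows and their error messages returned so the caller can report them.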
0
Django ORM protects the database from SQL injection, but you are responsible for the output. For convenient data cleaning, I recommend using DRF Serializers.