Hi,
Is it safe to query with object.get without escaping or validating the user-submitted value?
For example:
some_var = request.POST.get('some_key')
obj = MyModel.objects.get(name=some_var)
Can the user submit malicious data?
Thanks
The Django ORM is supposed to take care of querying the underlying DB safely on your behalf.