SQL LIKE in Django/Python

Question

I'm trying to run a query like this:

SELECT * 
FROM 
    MyTable 
WHERE 
    FirstName LIKE '%[user inputted value here]%' 
    OR 
    LastName LIKE '%[that same user inputted value]%' 
    AND 
    UserID = some number

When I run the query using cursor.execute(), the inputted values are going to be escaped and quoted, which is causing an incorrect query to run. Is there a way to prevent the user inputted values from being quoted?

I'd prefer a solution not using Django's ORM, since the actual query is much more complicated than my example.

Answer 1

Use foo__contains=realvaluehere in your queries.

Answer 2

Hmm, looks like I overestimated the escapy-ness of the API. This works exactly how I want it to

# add wildcards to query, these are **not** escaped
q = "%" + q + "%"
cursor = connection.cursor()
cursor.execute("SELECT * 
                FROM MyTable 
                WHERE 
                  LastName LIKE %s 
                  AND 
                  FirstName LIKE %s 
                  AND 
                  UserID = %s", [q, q, user_id])
results = cursor.fetchall()