The value of the "title" parameter in the query string is "' OR 'a'='a"
Code:
qry = "SELECT * FROM books_book WHERE title='%s'" % (title)
book = Book.objects.raw(qry)
Generated query by django is:
SELECT * FROM books_book WHERE title='' OR 'a'='a'
And it is displaying all books
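The behaviour described above, reproduced as an added example that is not part of the original post: the same query built two ways, once by splicing the value into the SQL text (the post's pattern) and once by passing it as a bound parameter. It uses Python's standard sqlite3 module with a constructed in-memory books_book table so it runs without Django; the Django equivalent of the bound-parameter form is Book.objects.raw("SELECT * FROM books_book WHERE title = %s", [title]), where raw() takes the values as its second argument instead of having them formatted into the string.

```python
import sqlite3

# Constructed sample rows, not taken from the original post.
SAMPLE_BOOKS = [("Dune",), ("Neuromancer",), ("Snow Crash",)]


def make_db():
    """Build an in-memory table shaped like the post's books_book."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE books_book (id INTEGER PRIMARY KEY, title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO books_book (title) VALUES (?)", SAMPLE_BOOKS)
    return conn


def books_by_title_vulnerable(conn, title):
    """Mirrors the post: the request value becomes part of the SQL text.

    A quote character inside `title` closes the string literal early, so the
    rest of the value is parsed as SQL and changes the WHERE clause.
    """
    qry = "SELECT * FROM books_book WHERE title='%s'" % (title,)
    return conn.execute(qry).fetchall()


def books_by_title_safe(conn, title):
    """Bound parameter: the value travels separately from the SQL text.

    The driver never parses the value as SQL, so quotes inside it are just
    characters to compare against. In Django this corresponds to
    Book.objects.raw("SELECT * FROM books_book WHERE title = %s", [title]).
    """
    qry = "SELECT * FROM books_book WHERE title = ?"
    return conn.execute(qry, (title,)).fetchall()


def demo():
    """Run both forms against the post's payload and a normal title."""
    conn = make_db()
    payload = "' OR 'a'='a"  # the value from the post's query string
    return {
        # formatted query becomes: ... WHERE title='' OR 'a'='a'  -> every row
        "vulnerable_rows": len(books_by_title_vulnerable(conn, payload)),
        # bound query compares title to the literal text of the payload -> no row
        "safe_rows": len(books_by_title_safe(conn, payload)),
        # bound query still works for an ordinary lookup
        "safe_real_title_rows": len(books_by_title_safe(conn, "Dune")),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the vulnerable form returning all three sample rows for the payload while the bound-parameter form returns none, and a normal title still matches through the bound form. The same contrast holds for Django's raw(): the fix is to leave the placeholder in the query string and hand the values to raw() as its params argument rather than using % formatting.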