Django's documentation on objects.raw() says the following about using named parameters:
Dictionary params are not supported with the SQLite backend; with this backend, you must pass parameters as a list.
I use SQLite when running unit tests in our codebase because it's ridiculously fast in comparison to our real database backend. But since it doesn't seem to support named parameters, I cannot write tests for a certain piece of functionality that relies on them.
Is there a clean generic way to work around this limitation? As in, without resorting to hacks that could expose code to SQL injection?
I use SQLite when running unit tests in our codebase because it's ridiculously fast in comparison to our real database backend.
Unit tests should ideally be executed against the same database. sqlite is lacking in many features (just as you have discovered). If you code your tests to work with sqlite, you will probably end up coding your functions to work with it to, which means some of the features on your real database have just been made redundant.
You can make your tests against mysql or postgresql run much much faster by using the keep option to manage.py. So there really isn't any need to use sqlite for testing.
Is there a clean generic way to work around this limitation? As in, without resorting to hacks that could expose code to SQL injection?
No. I would say using sqlite instead of your real database is a hack to begin with.