Fixed #26899 -- Documented why RawSQL params is a required parameter.

petedmarsh 2016-07-21 15:28:31 +01:00 committed by Tim Graham
parent ca32979cdc
commit 7bf3ba0d0c
1 changed files with 3 additions and 1 deletions

@ -459,7 +459,9 @@ should avoid them if possible.
You should be very careful to escape any parameters that the user can You should be very careful to escape any parameters that the user can
control by using ``params`` in order to protect against :ref:`SQL injection control by using ``params`` in order to protect against :ref:`SQL injection
attacks <sql-injection-protection>`. attacks <sql-injection-protection>`. ``params`` is a required argument to
force you to acknowledge that you're not interpolating your SQL with user
provided data.
.. currentmodule:: django.db.models .. currentmodule:: django.db.models
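
Review bot: The sentence added at the end of this paragraph ("``params`` is a required argument to force you to acknowledge that you're not interpolating your SQL with user provided data.") gives the motivation but not the action, and making the argument required does not by itself stop a caller from formatting user input into the SQL string before passing it in. Consider stating directly that any user-controlled value must be supplied through ``params`` rather than interpolated into the SQL, so the sentence reads as guidance and not only as rationale. Minor style point in the same sentence: "user provided data" should be hyphenated as "user-provided data".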