mirror of https://github.com/django/django.git
Fixed #26899 -- Documented why RawSQL params is a required parameter.
This commit is contained in:
parent
ca32979cdc
commit
7bf3ba0d0c
|
@ -459,7 +459,9 @@ should avoid them if possible.
|
||||||
|
|
||||||
You should be very careful to escape any parameters that the user can
|
You should be very careful to escape any parameters that the user can
|
||||||
control by using ``params`` in order to protect against :ref:`SQL injection
|
control by using ``params`` in order to protect against :ref:`SQL injection
|
||||||
attacks <sql-injection-protection>`.
|
attacks <sql-injection-protection>`. ``params`` is a required argument to
|
||||||
|
force you to acknowledge that you're not interpolating your SQL with user
|
||||||
|
provided data.
|
||||||
|
|
||||||
.. currentmodule:: django.db.models
|
.. currentmodule:: django.db.models
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue