Mention other placeholders

Andrew M. Kuchling 2006-06-07 17:04:01 +00:00
parent 3b336c7ced
commit e275d3d4ce
1 changed files with 3 additions and 2 deletions

@ -47,10 +47,11 @@ variables. You shouldn't assemble your query using Python's string
operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack.
Instead, use SQLite's parameter substitution. Put \samp{?} as a
Instead, use the DB-API's parameter substitution. Put \samp{?} as a
placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's \method{execute()}
method. For example:
method. (Other database modules may use a different placeholder,
such as \samp{\%s} or \samp{:1}.) For example:
\begin{verbatim}
# Never do this -- insecure!
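
Review bot: The added parenthetical lists \samp{\%s} as a placeholder immediately after the paragraph warns against assembling queries with Python's string operations, so a reader can take it to mean the string-formatting operator is acceptable with other modules. Suggest saying explicitly that whatever the placeholder looks like, the values are still passed as the second argument to \method{execute()} and never interpolated into the query string. Separately, the reworded sentence "use the DB-API's parameter substitution. Put \samp{?} as a placeholder" now reads as if \samp{?} belongs to the DB-API in general, which the parenthetical then contradicts; wording such as "Put \samp{?} (the placeholder this module uses)" would keep the two sentences consistent.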