traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Mention other placeholders

This commit is contained in:
Andrew M. Kuchling 2006-06-07 17:02:52 +00:00
parent 12238d72a8
commit 1271f003a6
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Doc/whatsnew/whatsnew25.tex
View File

@ -1923,10 +1923,11 @@ variables. You shouldn't assemble your query using Python's string
operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack.
Instead, use SQLite's parameter substitution. Put \samp{?} as a
Instead, use the DB-API's parameter substitution. Put \samp{?} as a
placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's \method{execute()}
method. For example:
method. (Other database modules may use a different placeholder,
such as \samp{%s} or \samp{:1}.) For example:
\begin{verbatim}
# Never do this -- insecure!