From 5cc619078860c13ae910b26cd2ab5c11508c023f Mon Sep 17 00:00:00 2001 From: petedmarsh Date: Thu, 21 Jul 2016 15:28:31 +0100 Subject: [PATCH] [1.10.x] Fixed #26899 -- Documented why RawSQL params is a required parameter. Backport of 7bf3ba0d0c700670d13d7683eec7bd3eb3d4dd1f from master --- docs/ref/models/expressions.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/ref/models/expressions.txt b/docs/ref/models/expressions.txt index 69fad99f47..1b199c1df6 100644 --- a/docs/ref/models/expressions.txt +++ b/docs/ref/models/expressions.txt @@ -463,7 +463,9 @@ should avoid them if possible. You should be very careful to escape any parameters that the user can control by using ``params`` in order to protect against :ref:`SQL injection - attacks `. + attacks `. ``params`` is a required argument to + force you to acknowledge that you're not interpolating your SQL with user + provided data. .. currentmodule:: django.db.models
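Review bot: the rationale added in the hunk ("``params`` is a required argument to force you to acknowledge that you're not interpolating your SQL with user provided data") overstates what a required argument achieves: a caller can still format user input into the SQL string and pass ``params=[]``, so the requirement does not prevent interpolation, it only makes the empty case explicit. Suggest rewording along the lines of "``params`` is required so that passing an empty list is a deliberate statement that the SQL string contains no user-provided data; values that come from the user must always be passed through ``params`` so the database driver can parameterize them." Also hyphenate "user-provided" to match the surrounding docs, and note that the preceding context line says parameters are "escaped" via ``params`` when the mechanism is actually query parameterization by the driver; a one-word fix there ("pass ... via ``params``") would keep the paragraph from suggesting that string escaping is the protection.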