mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[1.10.x] Fixed #26899 -- Documented why RawSQL params is a required parameter.

Browse Source 
Backport of 7bf3ba0d0c from master
This commit is contained in:
petedmarsh
2016-07-21 15:28:31 +01:00
committed by Tim Graham
parent c8d166241f
commit 5cc6190788
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/ref/models/expressions.txt
View File

@@ -463,7 +463,9 @@ should avoid them if possible.
You should be very careful to escape any parameters that the user can You should be very careful to escape any parameters that the user can
control by using ``params`` in order to protect against :ref:`SQL injection control by using ``params`` in order to protect against :ref:`SQL injection
attacks <sql-injection-protection>`. attacks <sql-injection-protection>`. ``params`` is a required argument to
force you to acknowledge that you're not interpolating your SQL with user
provided data.
.. currentmodule:: django.db.models .. currentmodule:: django.db.models