mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-27 21:55:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Mention other placeholders

Browse source
This commit is contained in:
Andrew M. Kuchling 2006-06-07 17:04:01 +00:00
parent 3b336c7ced
commit e275d3d4ce
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Doc/lib/libsqlite3.tex
View file

@ -47,10 +47,11 @@ variables. You shouldn't assemble your query using Python's string
operations because doing so is insecure; it makes your program operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack. vulnerable to an SQL injection attack.
Instead, use SQLite's parameter substitution. Put \samp{?} as a Instead, use the DB-API's parameter substitution. Put \samp{?} as a
placeholder wherever you want to use a value, and then provide a tuple placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's \method{execute()} of values as the second argument to the cursor's \method{execute()}
method. For example: method. (Other database modules may use a different placeholder,
such as \samp{\%s} or \samp{:1}.) For example:
\begin{verbatim} \begin{verbatim}
# Never do this -- insecure! # Never do this -- insecure!