Commit 1271f003 authored by Andrew M. Kuchling

Mention other placeholders

parent 12238d72
...@@ -1923,10 +1923,11 @@ variables. You shouldn't assemble your query using Python's string ...@@ -1923,10 +1923,11 @@ variables. You shouldn't assemble your query using Python's string
operations because doing so is insecure; it makes your program operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack. vulnerable to an SQL injection attack.
Instead, use SQLite's parameter substitution. Put \samp{?} as a Instead, use the DB-API's parameter substitution. Put \samp{?} as a
placeholder wherever you want to use a value, and then provide a tuple placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's \method{execute()} of values as the second argument to the cursor's \method{execute()}
method. For example: method. (Other database modules may use a different placeholder,
such as \samp{%s} or \samp{:1}.) For example:
\begin{verbatim} \begin{verbatim}
# Never do this -- insecure! # Never do this -- insecure!
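Review bot: in the added sentence on the new line 13, `\samp{%s}` contains an unescaped `%`, which LaTeX treats as the start of a comment, so everything after it on that line (`s} or \samp{:1}.) For example:`) would be dropped from the output and the `\samp{` group left unclosed; write `\samp{\%s}` instead. Since the paragraph now speaks of the DB-API in general rather than SQLite, it would also help the reader to say where to find out which placeholder a given module expects, for instance by pointing to that module's documentation.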