Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #12409 -- Corrected some documentation typos in the docs on raw…

… querysets. Also added a missing __init__.py file. Thanks to Alex Gaynor for the reports.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11924 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 79d6e402e3a19490f2ab2c24cbe4b416ee8926e7 1 parent c804179
Russell Keith-Magee authored December 21, 2009
4  docs/topics/db/sql.txt
@@ -154,13 +154,13 @@ parameters from the ``params`` list.
154 154
 
155 155
     It's tempting to write the above query as::
156 156
 
157  
-        >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s', % lname
  157
+        >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s' % lname
158 158
         >>> Person.objects.raw(query)
159 159
 
160 160
     **Don't.**
161 161
 
162 162
     Using the ``params`` list completely protects you from `SQL injection
163  
-    attacks`__`, a common exploit where attackers inject arbitrary SQL into
  163
+    attacks`__, a common exploit where attackers inject arbitrary SQL into
164 164
     your database. If you use string interpolation, sooner or later you'll
165 165
     fall victim to SQL injection. As long as you remember to always use the
166 166
     ``params`` list you'll be protected.
0  tests/modeltests/raw_query/__init__.py
No changes.

0 notes on commit 79d6e40

Please sign in to comment.
Something went wrong with that request. Please try again.