Fixed #12409 -- Corrected some documentation typos in the docs on raw querysets. Also added a missing __init__.py file. Thanks to Alex Gaynor for the reports.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11924 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 79d6e402e3a19490f2ab2c24cbe4b416ee8926e7 1 parent c804179
@freakboy3742 freakboy3742 authored
4 docs/topics/db/sql.txt
@@ -154,13 +154,13 @@ parameters from the ``params`` list.
It's tempting to write the above query as::
- >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s', % lname
+ >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s' % lname
>>> Person.objects.raw(query)
**Don't.**
Using the ``params`` list completely protects you from `SQL injection
- attacks`__`, a common exploit where attackers inject arbitrary SQL into
+ attacks`__, a common exploit where attackers inject arbitrary SQL into
your database. If you use string interpolation, sooner or later you'll
fall victim to SQL injection. As long as you remember to always use the
``params`` list you'll be protected.
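Review bot: the corrected "tempting" line (`'... WHERE last_name = %s' % lname`) is now valid Python, but the text after **Don't.** never says what makes it unsafe beyond naming SQL injection. One sentence noting that `%` pastes `lname` into the SQL text itself, while the ``params`` list hands the value to the database driver separately from the query string, would make the warning concrete. The anonymous reference `attacks`__ on the fixed line also depends on a matching `__` target that lies outside this hunk, so confirm the docs build still resolves the link.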
0  tests/modeltests/raw_query/__init__.py
No changes.