mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Fixed a/an typos in "SQL" usage.

Adam Johnson
2020-05-06 05:35:26 +01:00
committed by GitHub
parent aff7a58aef
commit 1c2c6f1b51
7 changed files with 13 additions and 13 deletions


@@ -338,7 +338,7 @@ The ``Func`` API is as follows:
**extra_context
)
To avoid a SQL injection vulnerability, ``extra_context`` :ref:`must
To avoid an SQL injection vulnerability, ``extra_context`` :ref:`must
not contain untrusted user input <avoiding-sql-injection-in-query-expressions>`
as these values are interpolated into the SQL string rather than passed
as query parameters, where the database driver would escape them.
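
Review bot: On the changed line "To avoid an SQL injection vulnerability", the choice of "an SQL" over "a SQL" depends on whether the acronym is spelled out or read as "sequel", so it is a wording convention rather than a typo. The visible hunks apply "an SQL" consistently, including the matching ``extra`` warning further down. If the project keeps documentation writing guidelines, recording the convention there would stop new text from reintroducing "a SQL".
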
@@ -353,7 +353,7 @@ assumed to be column references and will be wrapped in ``F()`` expressions
while other values will be wrapped in ``Value()`` expressions.
The ``**extra`` kwargs are ``key=value`` pairs that can be interpolated
into the ``template`` attribute. To avoid a SQL injection vulnerability,
into the ``template`` attribute. To avoid an SQL injection vulnerability,
``extra`` :ref:`must not contain untrusted user input
<avoiding-sql-injection-in-query-expressions>` as these values are interpolated
into the SQL string rather than passed as query parameters, where the database
@@ -1151,12 +1151,12 @@ SQL injection::
template = "%(function)s('%(substring)s' in %(expressions)s)"
def __init__(self, expression, substring):
# substring=substring is a SQL injection vulnerability!
# substring=substring is an SQL injection vulnerability!
super().__init__(expression, substring=substring)
This function generates a SQL string without any parameters. Since ``substring``
is passed to ``super().__init__()`` as a keyword argument, it's interpolated
into the SQL string before the query is sent to the database.
This function generates an SQL string without any parameters. Since
``substring`` is passed to ``super().__init__()`` as a keyword argument, it's
interpolated into the SQL string before the query is sent to the database.
Here's a corrected rewrite::
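
Review bot: The paragraph after the code sample ("This function generates ...") is re-wrapped across all three of its lines for a one-word article change, so the diff looks larger than the edit. Comparing the removed and added lines, the wording is otherwise identical and the code comment above it changes only the article, so nothing needs fixing. If the reflow was done to keep the first line within the wrap width, a short mention in the commit message would save later blame readers from looking for a content change.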


@@ -1457,7 +1457,7 @@ relation works.
null=True,
)
``on_delete`` doesn't create a SQL constraint in the database. Support for
``on_delete`` doesn't create an SQL constraint in the database. Support for
database-level cascade options :ticket:`may be implemented later <21961>`.
The possible values for :attr:`~ForeignKey.on_delete` are found in