mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00

Fixed #26899 -- Documented why RawSQL params is a required parameter.

petedmarsh
2016-07-21 15:28:31 +01:00
committed by Tim Graham
parent ca32979cdc
commit 7bf3ba0d0c


@@ -459,7 +459,9 @@ should avoid them if possible.
You should be very careful to escape any parameters that the user can You should be very careful to escape any parameters that the user can
control by using ``params`` in order to protect against :ref:`SQL injection control by using ``params`` in order to protect against :ref:`SQL injection
attacks <sql-injection-protection>`. attacks <sql-injection-protection>`. ``params`` is a required argument to
force you to acknowledge that you're not interpolating your SQL with user
provided data.
.. currentmodule:: django.db.models .. currentmodule:: django.db.models
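
Review bot: In the sentence appended after the ``sql-injection-protection`` reference, "user provided data" should be hyphenated as "user-provided data". The wording also leaves room to read the required argument as the safeguard itself. "Force you to acknowledge" is only an acknowledgement: a caller can still build the SQL string with string formatting and pass an empty ``params``. Consider adding a clause that says so directly, along the lines of "an empty ``params`` does not make interpolated SQL safe; pass every user-controlled value through ``params``", so the sentence reinforces the escaping advice in the lines just above it rather than appearing to replace it.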