0
0
mirror of https://github.com/django/django.git synced 2024-12-01 15:42:04 +01:00

Fixed #26899 -- Documented why RawSQL params is a required parameter.

This commit is contained in:
petedmarsh 2016-07-21 15:28:31 +01:00 committed by Tim Graham
parent ca32979cdc
commit 7bf3ba0d0c

View File

@ -459,7 +459,9 @@ should avoid them if possible.
You should be very careful to escape any parameters that the user can
control by using ``params`` in order to protect against :ref:`SQL injection
attacks <sql-injection-protection>`.
attacks <sql-injection-protection>`. ``params`` is a required argument to
force you to acknowledge that you're not interpolating your SQL with user
provided data.
.. currentmodule:: django.db.models