mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Fixed #26899 -- Documented why RawSQL params is a required parameter.
This commit is contained in:
parent
ca32979cdc
commit
7bf3ba0d0c
@ -459,7 +459,9 @@ should avoid them if possible.
|
||||
|
||||
You should be very careful to escape any parameters that the user can
|
||||
control by using ``params`` in order to protect against :ref:`SQL injection
|
||||
attacks <sql-injection-protection>`.
|
||||
attacks <sql-injection-protection>`. ``params`` is a required argument to
|
||||
force you to acknowledge that you're not interpolating your SQL with user
|
||||
provided data.
|
||||
|
||||
.. currentmodule:: django.db.models
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user