Ticket #12409: 12409.diff

File 12409.diff, 880 bytes (added by Ramiro Morales, 15 years ago)

Patch for reported, other typos

  • docs/topics/db/sql.txt

    diff -r 61f2217dfc1c docs/topics/db/sql.txt
    a b  
    154154
    155155    It's tempting to write the above query as::
    156156
    157         >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s', % lname
     157        >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s' % lname
    158158        >>> Person.objects.raw(query)
    159159
    160160    **Don't.**
    161161
    162162    Using the ``params`` list completely protects you from `SQL injection
    163     attacks`__`, a common exploit where attackers inject arbitrary SQL into
     163    attacks`__, a common exploit where attackers inject arbitrary SQL into
    164164    your database. If you use string interpolation, sooner or later you'll
    165165    fall victim to SQL injection. As long as you remember to always use the
    166166    ``params`` list you'll be protected.
Back to Top