[Python-checkins] r46710 - python/trunk/Doc/lib/libsqlite3.tex
andrew.kuchling
python-checkins at python.org
Wed Jun 7 19:04:02 CEST 2006
Author: andrew.kuchling
Date: Wed Jun 7 19:04:01 2006
New Revision: 46710
Modified:
python/trunk/Doc/lib/libsqlite3.tex
Log:
Mention other placeholders
Modified: python/trunk/Doc/lib/libsqlite3.tex
==============================================================================
--- python/trunk/Doc/lib/libsqlite3.tex (original)
+++ python/trunk/Doc/lib/libsqlite3.tex Wed Jun 7 19:04:01 2006
@@ -47,10 +47,11 @@
operations because doing so is insecure; it makes your program
vulnerable to an SQL injection attack.
-Instead, use SQLite's parameter substitution. Put \samp{?} as a
+Instead, use the DB-API's parameter substitution. Put \samp{?} as a
placeholder wherever you want to use a value, and then provide a tuple
of values as the second argument to the cursor's \method{execute()}
-method. For example:
+method. (Other database modules may use a different placeholder,
+such as \samp{\%s} or \samp{:1}.) For example:
\begin{verbatim}
# Never do this -- insecure!
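Review bot: In the added parenthetical on the "+method." line, \samp{\%s} appears right after the SQL injection warning and could be mistaken for Python's % string formatting rather than a driver placeholder. Suggest stating that with those modules the values are still passed as the second argument to \method{execute()}. Also, since the first changed line now attributes the substitution to the DB-API in general instead of SQLite, "Put \samp{?} as a placeholder" reads as if \samp{?} were universal until the parenthetical two sentences later; consider saying up front that \samp{?} is the placeholder this module uses.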