#22493: Documentation for raw() and extra() should warn about SQL injection
--------------------------------------+------------------------------------
Reporter: erikr | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timo):
* needs_better_patch: => 0
* needs_docs: => 0
* needs_tests: => 0
* stage: Unreviewed => Accepted
Comment:
`extra()` does say "Always use params instead of embedding values directly
into where because params will ensure values are quoted correctly
according to your particular backend. For example, quotes will be escaped
correctly." but I agree this warning is not very prominent.
--
Ticket URL: <https://code.djangoproject.com/ticket/22493#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
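The difference between embedding a value and passing it through params, shown as an added example that is not part of this ticket or of Django itself. It uses the standard-library sqlite3 DB-API (the layer raw() and extra() ultimately hand their SQL and params to) with a constructed app_person table; the table and function names are assumptions.

```python
import sqlite3

# Constructed stand-in for a Django model's table (assumed name: app_person).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_person (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO app_person (name) VALUES (?)",
                     [("Ada",), ("O'Brien",)])
    return conn

def find_embedded(conn, name):
    """The pattern the docs warn against: the value is formatted into the SQL
    text itself, the same as extra(where=["name = '%s'" % name]) or
    raw("... WHERE name = '%s'" % name). The database never sees a boundary
    between query and data."""
    sql = "SELECT id, name FROM app_person WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_params(conn, name):
    """The recommended pattern: the SQL text is fixed and the value is passed as
    a bound parameter, the same as extra(where=["name = %s"], params=[name]) or
    raw("... WHERE name = %s", [name]). Django writes %s on every backend;
    the sqlite3 module used here expects ? instead."""
    sql = "SELECT id, name FROM app_person WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def embedded_breaks_on(conn, name):
    """True when splicing `name` into the query text makes the database reject
    it. A rejected query is the harmless symptom; the quoted warning exists
    because other input turns the spliced text into a query the database
    accepts with a different meaning."""
    try:
        find_embedded(conn, name)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    conn = make_db()
    for name in ("Ada", "O'Brien"):
        print(name, "params:", find_params(conn, name),
              "embedded rejected:", embedded_breaks_on(conn, name))
```

With the name "O'Brien" the params form returns the row while the embedded form is rejected by the database, which is the quoting problem the quoted documentation sentence describes.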