From 7440600f2e4834072368b5602d1b26292a84ba79 Mon Sep 17 00:00:00 2001 From: Andrew Lindberg Date: Mon, 12 Oct 2020 09:31:21 -0400 Subject: [PATCH] Remove unnecessary sensationalism in docs SQL injection and failures are bad but this seems over the top. In a literal sense I'm struggling to imagine a scenario where bad interpolation is worth getting shot over. And I understand this was probably intended as hyperbole, but I don't think there's any need to invoke the spectre of violence to make the point here. --- doc/src/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/src/usage.rst b/doc/src/usage.rst index 0677a5bf..027abe6d 100644 --- a/doc/src/usage.rst +++ b/doc/src/usage.rst @@ -211,7 +211,7 @@ reliable. We must stress this point: Never, **never**, **NEVER** use Python string concatenation (``+``) or string parameters interpolation (``%``) to pass variables to a SQL query - string. Not even at gunpoint. + string. The correct way to pass variables in a SQL command is using the second argument of the `~cursor.execute()` method::
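Review bot: On the changed line, where `string. Not even at gunpoint.` becomes a bare `string.`, the warning now ends without saying what goes wrong. The context lines visible in this hunk do not name the risk either. Since the commit message already mentions SQL injection, consider replacing the removed sentence with a neutral one that states the consequence, for example "Doing so exposes the query to SQL injection.", instead of only deleting it. That keeps the emphasis the paragraph is aiming for ("We must stress this point") while dropping the hyperbole. As a minor style point in the same paragraph, the unchanged context line "string parameters interpolation" would read better as "string parameter interpolation", which could be fixed in this same patch.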