psycopg/psycopg2
1
1
Fork 0
mirror of https://github.com/psycopg/psycopg2.git synced 2025-07-29 17:39:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove unnecessary sensationalism in docs

Browse Source 
SQL injection and failures are bad but this seems over the top. In a
literal sense I'm struggling to imagine a scenario where bad
interpolation is worth getting shot over. And I understand this was
probably intended as hyperbole, but I don't think there's any need to
invoke the spectre of violence to make the point here.
This commit is contained in:
Andrew Lindberg 2020-10-12 09:31:21 -04:00
parent 171371da5a
commit 7440600f2e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/src/usage.rst
View File

@ -211,7 +211,7 @@ reliable. We must stress this point:
Never, **never**, **NEVER** use Python string concatenation (``+``) or Never, **never**, **NEVER** use Python string concatenation (``+``) or
string parameters interpolation (``%``) to pass variables to a SQL query string parameters interpolation (``%``) to pass variables to a SQL query
string. Not even at gunpoint. string.
The correct way to pass variables in a SQL command is using the second The correct way to pass variables in a SQL command is using the second
argument of the `~cursor.execute()` method:: argument of the `~cursor.execute()` method::