
Warn about SQL injection in the tutorial.

pull/112/head
Ron DuPlain 15 years ago committed by Armin Ronacher
parent commit b4b2f42f48

7
docs/tutorial/views.rst

@ -48,6 +48,13 @@ redirect back to the `show_entries` page::
Note that we check that the user is logged in here (the `logged_in` key is
present in the session and `True`).
.. admonition:: Security Note
Be sure to use question marks when building SQL statements, as done in the
example above. Otherwise, your app will be vulnerable to SQL injection when
you use string formatting to build SQL statements.
See :ref:`sqlite3` for more.
Login and Logout
----------------
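Review bot: The security note should name the mechanism rather than the symbol: the protection comes from passing user-supplied values as a separate parameter to `execute()` so the driver never splices them into the statement text; the question mark is only the placeholder syntax that sqlite3 uses. As written, "use question marks when building SQL statements" could be read as satisfied by a `?` inside a formatted string. Suggested wording: `Pass user-supplied values as query parameters (the question marks in the example above, with the values supplied as a separate argument) and never build the statement with string formatting, or your app will be vulnerable to SQL injection.` Separately, in the hunk as shown the lines after `.. admonition:: Security Note` are not indented; a reST admonition body must be indented under the directive and separated from the preceding paragraph and the following `Login and Logout` heading by blank lines, otherwise it renders as an empty box followed by a plain paragraph.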
