Merge branch 'master' of github.com:mitsuhiko/flask

2010-07-16 13:16:18 +02:00 · 2010-07-16 13:16:18 +02:00 · e20534dbf5
commit e20534dbf5
parent 70dc2b66a0 b4b2f42f48
1 changed files with 7 additions and 0 deletions
--- a/docs/tutorial/views.rst
+++ b/docs/tutorial/views.rst
@ -48,6 +48,13 @@ redirect back to the `show_entries` page::
 Note that we check that the user is logged in here (the `logged_in` key is
 present in the session and `True`).

+.. admonition:: Security Note
+
+   Be sure to use question marks when building SQL statements, as done in the
+   example above.  Otherwise, your app will be vulnerable to SQL injection when
+   you use string formatting to build SQL statements.
+   See :ref:`sqlite3` for more.
+
 Login and Logout
 ----------------