Warn about SQL injection in the tutorial.
parent 82b143f972
commit b4b2f42f48
1 changed file with 7 additions and 0 deletions
@ -48,6 +48,13 @@ redirect back to the `show_entries` page::
Note that we check that the user is logged in here (the `logged_in` key is
present in the session and `True`).
.. admonition:: Security Note
Be sure to use question marks when building SQL statements, as done in the
example above. Otherwise, your app will be vulnerable to SQL injection when
you use string formatting to build SQL statements.
See :ref:`sqlite3` for more.
Login and Logout
----------------
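Review bot: the Security Note in this hunk is imprecise about what actually prevents injection. A `?` placeholder only helps when the values are supplied separately from the query text (in sqlite3, as the parameter tuple passed to `execute()`); a `?` that ends up inside a string assembled with `%` or `.format()` gives no protection. Suggest saying so explicitly, e.g. "use `?` placeholders and pass the values as a separate tuple, never interpolate them into the query string", and tightening the second sentence, which reads awkwardly as written ("vulnerable to SQL injection when you use string formatting to build SQL statements"), to something like "If you build SQL statements with string formatting, your app will be vulnerable to SQL injection." Also confirm that the `:ref:`sqlite3`` label resolves in this docs build; "See ... for more" is only useful if the target actually describes parameter binding.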