orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Warn about SQL injection in the tutorial.

Browse source
This commit is contained in:
Ron DuPlain 2010-07-16 01:18:20 +08:00 committed by Armin Ronacher
parent 82b143f972
commit b4b2f42f48
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/tutorial/views.rst
View file

@ -48,6 +48,13 @@ redirect back to the `show_entries` page::
Note that we check that the user is logged in here (the `logged_in` key is Note that we check that the user is logged in here (the `logged_in` key is
present in the session and `True`). present in the session and `True`).
.. admonition:: Security Note
Be sure to use question marks when building SQL statements, as done in the
example above. Otherwise, your app will be vulnerable to SQL injection when
you use string formatting to build SQL statements.
See :ref:`sqlite3` for more.
Login and Logout Login and Logout
---------------- ----------------