Ticket #12409: 12409.diff

File 12409.diff, 880 bytes (added by ramiro, 4 years ago)

Patch for reported, other typos

1diff -r 61f2217dfc1c docs/topics/db/sql.txt
2--- a/docs/topics/db/sql.txt    Sat Dec 19 23:46:58 2009 -0300
3+++ b/docs/topics/db/sql.txt    Sun Dec 20 00:40:41 2009 -0300
4@@ -154,13 +154,13 @@
5 
6     It's tempting to write the above query as::
7 
8-        >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s', % lname
9+        >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s' % lname
10         >>> Person.objects.raw(query)
11 
12     **Don't.**
13 
14     Using the ``params`` list completely protects you from `SQL injection
15-    attacks`__`, a common exploit where attackers inject arbitrary SQL into
16+    attacks`__, a common exploit where attackers inject arbitrary SQL into
17     your database. If you use string interpolation, sooner or later you'll
18     fall victim to SQL injection. As long as you remember to always use the
19     ``params`` list you'll be protected.
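
Review bot: The unchanged sentences around the second fix still say the ``params`` list "completely protects you" and that "you'll be protected", which overstates what parameter binding does. Parameters bind values only, so a table or column name assembled with string formatting stays injectable even when ``params`` is used. Since this paragraph is being touched anyway, consider narrowing the wording to values passed through ``params``. Separately, the corrected reference `SQL injection attacks`__ is an anonymous hyperlink and needs a matching `__` target after the paragraph; no target is visible in this hunk, so please confirm the docs build resolves it.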