Changes between Initial Version and Version 1 of Ticket #25705, comment 13
- Timestamp:
- Jul 12, 2024, 9:20:01 AM (2 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #25705, comment 13
initial v1 9 9 > }}} 10 10 11 We absolutely don't want to support this pattern in a context where we can't guarantee that the proper quoting is performed on all supported backends as that might result in SQL injection problems. In this sense I think that it's a good thing that ` qs.query` doesn't evenattempt to perform the proper quoting to make it clear it should not be used for this purpose.11 We absolutely don't want to support this pattern in a context where we can't guarantee that the proper quoting is performed on all supported backends as that might result in SQL injection problems. In this sense I think that it's a good thing that `sql.Query.__str__` doesn't attempt to perform the proper quoting to make it clear it should not be used for this purpose. 12 12 13 13 I'd much rather see us document `sql.Query.sql_with_params(using: str = DEFAULT_DB_ALIAS)` which could be used as