diff options
| author | Adam Johnson <me@adamj.eu> | 2020-05-06 05:35:26 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-05-06 06:36:16 +0200 |
| commit | cdf320dfb232fe5a22c9354acbd23477e31aabc9 (patch) | |
| tree | fa0ead2e916bd57106cd501971221af27b39f1d8 /docs/ref/models | |
| parent | fdd5eb4309535bf49b3138e0954c6da553c1adef (diff) | |
[3.0.x] Fixed a/an typos in "SQL" usage.
Backport of 1c2c6f1b51a540bddc7ae95f4d1213688411ca44 from master
Diffstat (limited to 'docs/ref/models')
| -rw-r--r-- | docs/ref/models/expressions.txt | 12 | ||||
| -rw-r--r-- | docs/ref/models/fields.txt | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/docs/ref/models/expressions.txt b/docs/ref/models/expressions.txt index baae1e3137..cbb3a552ae 100644 --- a/docs/ref/models/expressions.txt +++ b/docs/ref/models/expressions.txt @@ -338,7 +338,7 @@ The ``Func`` API is as follows: **extra_context ) - To avoid a SQL injection vulnerability, ``extra_context`` :ref:`must + To avoid an SQL injection vulnerability, ``extra_context`` :ref:`must not contain untrusted user input <avoiding-sql-injection-in-query-expressions>` as these values are interpolated into the SQL string rather than passed as query parameters, where the database driver would escape them. @@ -353,7 +353,7 @@ assumed to be column references and will be wrapped in ``F()`` expressions while other values will be wrapped in ``Value()`` expressions. The ``**extra`` kwargs are ``key=value`` pairs that can be interpolated -into the ``template`` attribute. To avoid a SQL injection vulnerability, +into the ``template`` attribute. To avoid an SQL injection vulnerability, ``extra`` :ref:`must not contain untrusted user input <avoiding-sql-injection-in-query-expressions>` as these values are interpolated into the SQL string rather than passed as query parameters, where the database @@ -1157,12 +1157,12 @@ SQL injection:: template = "%(function)s('%(substring)s' in %(expressions)s)" def __init__(self, expression, substring): - # substring=substring is a SQL injection vulnerability! + # substring=substring is an SQL injection vulnerability! super().__init__(expression, substring=substring) -This function generates a SQL string without any parameters. Since ``substring`` -is passed to ``super().__init__()`` as a keyword argument, it's interpolated -into the SQL string before the query is sent to the database. +This function generates an SQL string without any parameters. Since +``substring`` is passed to ``super().__init__()`` as a keyword argument, it's +interpolated into the SQL string before the query is sent to the database. Here's a corrected rewrite:: diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt index 9a3de0db78..2fad2d64b7 100644 --- a/docs/ref/models/fields.txt +++ b/docs/ref/models/fields.txt @@ -1440,7 +1440,7 @@ relation works. null=True, ) - ``on_delete`` doesn't create a SQL constraint in the database. Support for + ``on_delete`` doesn't create an SQL constraint in the database. Support for database-level cascade options :ticket:`may be implemented later <21961>`. The possible values for :attr:`~ForeignKey.on_delete` are found in |
