diff options
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/models/expressions.txt | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/docs/ref/models/expressions.txt b/docs/ref/models/expressions.txt index a07b57e815..667285adbb 100644 --- a/docs/ref/models/expressions.txt +++ b/docs/ref/models/expressions.txt @@ -459,7 +459,9 @@ should avoid them if possible. You should be very careful to escape any parameters that the user can control by using ``params`` in order to protect against :ref:`SQL injection - attacks <sql-injection-protection>`. + attacks <sql-injection-protection>`. ``params`` is a required argument to + force you to acknowledge that you're not interpolating your SQL with user + provided data. .. currentmodule:: django.db.models |
