Should I create a ticket on trac for this?

Alexandre Martani

On 11 Feb, 19:20, Robert Gravsjö <[EMAIL PROTECTED]> wrote:
> Patryk Zawadzki wrote:
>
> --- 8< ---
>
> > What kind of injection? It did not terminate the SQL query, just the
> > contents of one field. SQL termination in the middle of a quoted
> > string would result in a failed transaction. Also, AFAIR Django uses
> > prepared statements so there's no possibility to execute code from a
>
> Are you sure about this? Any reference (docs, code)? AFAICT django does
> not use prepared statements.
>
> Regards,
> /roppert
>
> > bound variable.