Hello, I'm new to Django (and fairly new to Python, as well), just getting started on my first project. I am not new to web development, however - I have been programming in PHP for years, and have used a couple of different MVC frameworks in my time. Data and application security have always been something I've taken very seriously.
My question is simply: Do the Django models automatically escape input? That is, if I create a Polls model and then do something like this:

    p = Poll(question=user_input, pub_date=datetime.datetime.now())
    p.save()

Am I protected against someone providing user input such as

    ;DROP TABLE foo;#

If the Django models don't do their own escaping, how can I escape user input to prevent SQL injection attacks? I've tried searching the Django documentation, but "SQL injection" turns up nothing, and "escaping input" only produces results related to auto-escaping output in templates.

Thanks in advance,
Travis