Mention other placeholders

author Andrew M. Kuchling <amk@amk.ca>

Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)

committer Andrew M. Kuchling <amk@amk.ca>

Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)
author Andrew M. Kuchling <amk@amk.ca>
Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)
committer Andrew M. Kuchling <amk@amk.ca>
Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)
diff --git a/Doc/whatsnew/whatsnew25.tex b/Doc/whatsnew/whatsnew25.tex

index 84340d49dc766f7aeb2ee3c892fea78674e2bbc3..c777cd4fc4fdabf0e55e5f6f23980d80f31ec14f 100644 (file)
--- a/Doc/whatsnew/whatsnew25.tex
+++ b/Doc/whatsnew/whatsnew25.tex
@@ -1923,10 +1923,11 @@ variables.  You shouldn't assemble your query using Python's string
  operations because doing so is insecure; it makes your program
  vulnerable to an SQL injection attack.  
  
-Instead, use SQLite's parameter substitution.  Put \samp{?} as a
+Instead, use the DB-API's parameter substitution.  Put \samp{?} as a
  placeholder wherever you want to use a value, and then provide a tuple
  of values as the second argument to the cursor's \method{execute()}
-method.  For example:
+method.  (Other database modules may use a different placeholder,
+such as \samp{%s} or \samp{:1}.) For example:
  
  \begin{verbatim}    
  # Never do this -- insecure!
author	Andrew M. Kuchling <amk@amk.ca>
	Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)
committer	Andrew M. Kuchling <amk@amk.ca>
	Wed, 7 Jun 2006 17:02:52 +0000 (17:02 +0000)