From: Andrew M. Kuchling <amk@amk.ca>
Date: Wed, 7 Jun 2006 17:02:52 +0000 (+0000)
Subject: Mention other placeholders
X-Git-Tag: v2.5b1~217
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1271f003a69f94d7bd5c7ed8a51c5021a2e1a6f8;p=thirdparty%2FPython%2Fcpython.git

Mention other placeholders
---

diff --git a/Doc/whatsnew/whatsnew25.tex b/Doc/whatsnew/whatsnew25.tex
index 84340d49dc76..c777cd4fc4fd 100644
--- a/Doc/whatsnew/whatsnew25.tex
+++ b/Doc/whatsnew/whatsnew25.tex
@@ -1923,10 +1923,11 @@ variables.  You shouldn't assemble your query using Python's string
 operations because doing so is insecure; it makes your program
 vulnerable to an SQL injection attack.  
 
-Instead, use SQLite's parameter substitution.  Put \samp{?} as a
+Instead, use the DB-API's parameter substitution.  Put \samp{?} as a
 placeholder wherever you want to use a value, and then provide a tuple
 of values as the second argument to the cursor's \method{execute()}
-method.  For example:
+method.  (Other database modules may use a different placeholder,
+such as \samp{%s} or \samp{:1}.) For example:
 
 \begin{verbatim}    
 # Never do this -- insecure!