diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2009-12-21 02:01:24 +0000 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2009-12-21 02:01:24 +0000 |
commit | 8da7538b18bbb7a96a32cd01d71a70ef980308d4 (patch) | |
tree | e3bb9b3d7ebda5633cde234257868f2f0481a0d6 | |
parent | 576b641c517a656fb7bd654337ed172504cc8c5f (diff) | |
download | django-8da7538b18bbb7a96a32cd01d71a70ef980308d4.tar.gz |
[soc2009/multidb] Merged up to trunk r11924.
git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2009/multidb@11925 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r-- | django/template/loader.py | 2 | ||||
-rw-r--r-- | docs/topics/db/sql.txt | 4 | ||||
-rw-r--r-- | tests/modeltests/raw_query/__init__.py | 0 |
3 files changed, 3 insertions, 3 deletions
diff --git a/django/template/loader.py b/django/template/loader.py index 8b3c8e3fb5..74ad7eee01 100644 --- a/django/template/loader.py +++ b/django/template/loader.py @@ -80,7 +80,7 @@ def find_template_loader(loader): module, attr = loader.rsplit('.', 1) try: mod = import_module(module) - except ImportError: + except ImportError, e: raise ImproperlyConfigured('Error importing template source loader %s: "%s"' % (loader, e)) try: TemplateLoader = getattr(mod, attr) diff --git a/docs/topics/db/sql.txt b/docs/topics/db/sql.txt index 57834eb98a..45aa4f950e 100644 --- a/docs/topics/db/sql.txt +++ b/docs/topics/db/sql.txt @@ -154,13 +154,13 @@ parameters from the ``params`` list. It's tempting to write the above query as:: - >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s', % lname + >>> query = 'SELECT * FROM myapp_person WHERE last_name = %s' % lname >>> Person.objects.raw(query) **Don't.** Using the ``params`` list completely protects you from `SQL injection - attacks`__`, a common exploit where attackers inject arbitrary SQL into + attacks`__, a common exploit where attackers inject arbitrary SQL into your database. If you use string interpolation, sooner or later you'll fall victim to SQL injection. As long as you remember to always use the ``params`` list you'll be protected. diff --git a/tests/modeltests/raw_query/__init__.py b/tests/modeltests/raw_query/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/tests/modeltests/raw_query/__init__.py |