开发者

SQL injection hacks and django

Coming from a jsp and servlet backgr开发者_C百科ound I am interested to know how django copes with SQL injection hacks. As a servlet and jsp developer I would use prepared statements which gives me some form of protection. How does django cope with custom queries, for example a custom search field.


If you use querysets, django will escape your variables automatically. If you use RAW queries or things like the .extra method you'll have to take extra care and for example use parameter binding. More information about the whole thing can be found here (also very good resource about other security concerns).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜