Does peewee escape parameters to protect from SQL injection?


Tuukka Mustonen

Feb 25, 2015, 10:32:33 AM
to peewe...@googlegroups.com
I'm pretty sure the answer is yes, but does this text still apply? https://github.com/coleifer/peewee/commit/ccad920f7b2758d94b5921b08e87ecad3343ab64


I couldn't find that text (or similar) in the docs anymore.

Tuukka

Stefano Menci

Feb 25, 2015, 10:53:22 AM
to peewe...@googlegroups.com
Yes.

If you create a query and print it, you will see how the query is built.

query = Model.select().where(...)
print(query)

Charles Leifer

Feb 25, 2015, 12:30:33 PM
to peewe...@googlegroups.com
Yes, peewee will prevent SQL injections.


Tuukka Mustonen

Feb 26, 2015, 3:03:21 AM
to peewe...@googlegroups.com
Nice, maybe add that text back to the docs then (unless there was a reason to remove it...). There's nothing about security in the docs now (or I didn't find it).

Tuukka

Charles Leifer

Feb 26, 2015, 1:12:01 PM
to peewe...@googlegroups.com