Berker Peksag added the comment:
Looking at this again, I think the current version of the documentation should
stay as-is. Perhaps my patch can make the insecure example separated from the
secure one, but I don't think it's worth applying it.
--
resolution: -> rejected
stage: patch
Berker Peksag added the comment:
> I think it is pretty hard to miss "Never do this" when reading the code
> section.
I agree with David. However, I may be biased since I spend a lot of time
reading docs.python.org :) Here is a patch that moves the insecure example to a
separate code block.
R. David Murray added the comment:
I think it is pretty hard to miss "Never do this" when reading the code
section. That said, I don't have a strong objection to changing it.
I've reduced the versions field to those branches this might get changed in, as
is our standard practice with the vers
New submission from Eyal Mor:
In the SQLite module documentation there is a code section showing how to securely
use the sqlite.execute method.
The problem with this code section is that just from a glance, without reading
the paragraph before, or the comments in the section, users could use the