diff options
| -rw-r--r-- | Doc/library/sqlite3.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Doc/library/sqlite3.rst b/Doc/library/sqlite3.rst index 0745cefe37..f7aca70601 100644 --- a/Doc/library/sqlite3.rst +++ b/Doc/library/sqlite3.rst @@ -51,6 +51,12 @@ Usually your SQL operations will need to use values from Python variables. You shouldn't assemble your query using Python's string operations because doing so is insecure; it makes your program vulnerable to an SQL injection attack. +The data you've saved is persistent and is available in subsequent sessions:: + + import sqlite3 + conn = sqlite3.connect('/tmp/example') + c = conn.cursor() + Instead, use the DB-API's parameter substitution. Put ``?`` as a placeholder wherever you want to use a value, and then provide a tuple of values as the second argument to the cursor's :meth:`~Cursor.execute` method. (Other database |