Add a note about SQL injection

This commit is contained in:
Šarūnas Nejus 2025-08-07 16:46:14 +01:00
parent 3bc653b989
commit a0ae664ae0
No known key found for this signature in database
GPG key ID: DD28F6704DBE3435


@ -242,12 +242,12 @@ There are a few coding conventions we use in beets:
To fetch Item objects from the database, use lib.items(…) and supply a query
as an argument. Resist the urge to write raw SQL for your query. If you must
use lower-level queries into the database, do this:
use lower-level queries into the database, do this, for example:
.. code-block:: python
with lib.transaction() as tx:
rows = tx.query("SELECT …")
rows = tx.query("SELECT path FROM items WHERE album_id = ?", (album_id,))
Transaction objects help control concurrent access to the database and assist
in debugging conflicting accesses.
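Review bot: the commit is titled "Add a note about SQL injection", but the hunk never says the words or explains why the new example matters; a reader who does not already know about parameter binding will see `"SELECT path FROM items WHERE album_id = ?", (album_id,)` as just a more concrete query. Add one sentence after the code block stating the rule explicitly, for instance: "Always pass values as a separate parameter tuple using `?` placeholders, as above, and never build the SQL string with `%`, `.format()` or f-strings, since interpolated values allow SQL injection." Without that sentence the prose still only says "do this, for example:", which does not tell the reader what about the example is mandatory.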