Commit 3751fd9

authored
Update README.md
1 parent 2582614 commit 3751fd9

1 file changed

+2
-2
lines changed

README.md

Lines changed: 2 additions & 2 deletions
@@ -266,15 +266,15 @@ There are a couple of things you can do before panicking, namely:
266266
db.query_with_bindings("UPDATE "+ table_name +" SET "+ column_name +"=? WHERE id=?;", [100, 1])
267267
```
268268
269-
- SQLite's `query_with_bindings` as also used by `update_rows` is injection-safe. That is, any attempt to use sql inside a bound variable will escape it and insert it directly into the record. So the two equivalent statements:
269+
- SQLite's `query_with_bindings`, as also used by `update_rows`, is injection-safe. That is, any attempt to use sql inside of a bound variable will escape and insert it directly into the record. So the two equivalent statements:
270270
271271
```gdscript
272272
var table_name := "characters"
273273
db.query_with_bindings("UPDATE "+ table_name +" SET level=? WHERE id=?;", ["level+1", 1])
274274
db.update_rows(table_name, "id=1", {"level":"level+1"})
275275
```
276276

277-
will insert a literal `'level+1'` into the database, in stead of incrementing the value by one. In stead, build a direct query like before:
277+
will insert a literal `'level+1'` into the database, instead of incrementing the value by one. In stead, build a direct query:
278278

279279
```gdscript
280280
var table_name := "characters"
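
Review bot: The reworded sentence at new line 269 still calls `query_with_bindings` and `update_rows` "injection-safe" without qualification, but the visible examples only bind the `?` values. The context line at 266 and the example at 273 concatenate `table_name` and `column_name` into the SQL text, and the `update_rows` call at 274 passes the condition `"id=1"` as a plain string, so none of those parts are escaped by the binding. Suggest narrowing the claim to something like "is injection-safe for bound values" and adding a sentence that table names, column names and condition strings built by concatenation must come from trusted constants, not user input. Two wording points in the same hunk: new line 277 fixes the first "in stead" but still reads "In stead, build a direct query:", which should be "Instead, build a direct query:", and "sql" on new line 269 should be "SQL".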
