github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Clarify that magic parameters don't work for custom SQL

Browse source
This commit is contained in:
Simon Willison 2022-01-25 10:39:03 -08:00 committed by GitHub
commit 84391763a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/sql_queries.rst
View file

@ -275,6 +275,8 @@ Magic parameters
Named parameters that start with an underscore are special: they can be used to automatically add values created by Datasette that are not contained in the incoming form fields or query string.
These magic parameters are only supported for canned queries: to avoid security issues (such as queries that extract the user's private cookies) they are not available to SQL that is executed by the user as a custom SQL query.
Available magic parameters are:
``_actor_*`` - e.g. ``_actor_id``, ``_actor_name``