Clarify that magic parameters don't work for custom SQL

pull/1616/head
Simon Willison 2022-01-25 10:39:03 -08:00 zatwierdzone przez GitHub
rodzic 68cc1e2dbb
commit 84391763a8
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
1 zmienionych plików z 2 dodań i 0 usunięć

Wyświetl plik

@ -275,6 +275,8 @@ Magic parameters
Named parameters that start with an underscore are special: they can be used to automatically add values created by Datasette that are not contained in the incoming form fields or query string.
These magic parameters are only supported for canned queries: to avoid security issues (such as queries that extract the user's private cookies) they are not available to SQL that is executed by the user as a custom SQL query.
Available magic parameters are:
``_actor_*`` - e.g. ``_actor_id``, ``_actor_name``