Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

examples send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin examples send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

that the user can control by using params in order to protect against SQL injection attacks. Please read more about SQL injection protection. Performing raw queries The raw() manager method can be used of these mistakes. As discussed in SQL injection protection, using the params argument and leaving the placeholders unquoted pro- tects you from SQL injection attacks, a common exploit where attackers your database. If you use string interpolation or quote the placeholder, you’re at risk for SQL injection. 156 Chapter 3. Using Django Django Documentation, Release 4.0.11.dev20230214085346 Executing

Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Cross-origin Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer policy Session security Quick example send_mail() send_mass_mail() mail_admins() mail_managers() Examples Preventing header injection The EmailMessage class Email backends Configuring email for development Internationalization and

that the user can control by using params in order to protect against SQL injection attacks. Please read more about SQL injection protection. 194 Chapter 3. Using Django Django Documentation, Release 5 of these mistakes. As discussed in SQL injection protection, using the params argument and leaving the placeholders un- quoted protects you from SQL injection attacks, a common exploit where attackers your database. If you use string interpolation or quote the placeholder, you’re at risk for SQL injection. Executing custom SQL directly Sometimes even Manager.raw() isn’t quite enough: you might need

that the user can control by using params in order to protect against SQL injection attacks. Please read more about SQL injection protection. 194 Chapter 3. Using Django Django Documentation, Release 5 of these mistakes. As discussed in SQL injection protection, using the params argument and leaving the placeholders un- quoted protects you from SQL injection attacks, a common exploit where attackers your database. If you use string interpolation or quote the placeholder, you’re at risk for SQL injection. Executing custom SQL directly Sometimes even Manager.raw() isn’t quite enough: you might need