@@ -1823,15 +1823,18 @@ close the single quote and inject ``OR TRUE`` to select all rows::
18231823Instead, use the DB-API's parameter substitution. To insert a variable into a
18241824query string, use a placeholder in the string, and substitute the actual values
18251825into the query by providing them as a:class: `tuple ` of values to the second
1826- argument of the cursor's:meth: `~Cursor.execute ` method. An SQL statement may
1827- use one of two kinds of placeholders: question marks (qmark style) or named
1828- placeholders (named style). For the qmark style, ``parameters `` must be a
1829- :term: `sequence <sequence> `. For the named style, it can be either a
1830- :term: `sequence <sequence> ` or:class: `dict ` instance. The length of the
1831- :term: `sequence <sequence> ` must match the number of placeholders, or a
1832- :exc: `ProgrammingError ` is raised. If a:class: `dict ` is given, it must contain
1833- keys for all named parameters. Any extra items are ignored. Here's an example of
1834- both styles:
1826+ argument of the cursor's:meth: `~Cursor.execute ` method.
1827+
1828+ An SQL statement may use one of two kinds of placeholders:
1829+ question marks (qmark style) or named placeholders (named style).
1830+ For the qmark style, *parameters * must be a
1831+ :term: `sequence ` whose length must match the number of placeholders,
1832+ or a:exc: `ProgrammingError ` is raised.
1833+ For the named style, *parameters * should be
1834+ an instance of a:class: `dict ` (or a subclass),
1835+ which must contain keys for all named parameters;
1836+ any extra items are ignored.
1837+ Here's an example of both styles:
18351838
18361839..testcode ::
18371840
@@ -1858,6 +1861,11 @@ both styles:
18581861
18591862 [('C', 1972)]
18601863
1864+ ..note ::
1865+
1866+ :pep: `249 ` numeric placeholders are *not * supported.
1867+ If used, they will be interpreted as named placeholders.
1868+
18611869
18621870.. _sqlite3-adapters :
18631871