From 17e859d6babb2665d697d62ab8b208cc171f78e5 Mon Sep 17 00:00:00 2001 From: Julien Schmidt Date: Wed, 18 Feb 2015 22:43:54 +0800 Subject: [PATCH] README: Update encoding blacklisting for interpolateParams --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f109ea034..8c76711cd 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ A MySQL-Driver for Go's [database/sql](http://golang.org/pkg/database/sql) packa * Intelligent `LONG DATA` handling in prepared statements * Secure `LOAD DATA LOCAL INFILE` support with file Whitelisting and `io.Reader` support * Optional `time.Time` parsing + * Optional placeholder interpolation ## Requirements * Go 1.2 or higher @@ -192,8 +193,7 @@ Default: false If `interpolateParams` is true, placeholders (`?`) in calls to `db.Query()` and `db.Exec()` are interpolated into a single query string with given parameters. This reduces the number of roundtrips, since the driver has to prepare a statement, execute it with given parameters and close the statement again with `interpolateParams=false`. -NOTE: *This may introduce a SQL injection vulnerability when connection encoding is multibyte encoding except for UTF-8 (e.g. CP932)!* -(See http://stackoverflow.com/a/12118602/3430118) +*This can not be used together with the multibyte encodings BIG5, CP932, GB2312, GBK or SJIS. These are blacklisted as they may [introduce a SQL injection vulnerability](http://stackoverflow.com/a/12118602/3430118)!* ##### `loc`
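Review bot: The new feature bullet `* Optional placeholder interpolation` reads as unconditionally available, while the second hunk of this same patch limits it to connection encodings that are not blacklisted; since the feature list is the first thing a reader sees, name the DSN parameter and point at its section, e.g. `* Optional placeholder interpolation (`interpolateParams`, see below)`, so the encoding restriction is not missed.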
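Review bot: The replacement note says BIG5, CP932, GB2312, GBK and SJIS are blacklisted but not what the driver does when `interpolateParams=true` is combined with one of them, which is the behaviour a user hitting this will look for; add a clause stating the observable result (for example that the connection attempt returns an error, if that is what the code does) next to the encoding list. Two smaller points on the same line: "can not" should be "cannot", and the removed text covered the general class "multibyte encoding except for UTF-8" while the new text names a fixed set of five, so state whether that list is exhaustive or whether other multibyte encodings remain unsafe but are not blocked.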