Skip to content

Allow queries with parameters to avoid SQL injection#75

Open
kljh wants to merge 2 commits intoyhat:masterfrom
kljh:master
Open

Allow queries with parameters to avoid SQL injection#75
kljh wants to merge 2 commits intoyhat:masterfrom
kljh:master

Conversation

@kljh
Copy link

@kljh kljh commented Apr 5, 2019

Allow queries with parameters to avoid SQL injection and issues with escaping strings.

This means we can replace
df = sqldf("select * from df where id='"+id+"'")
with the parametrised query
df = sqldf("select * from df where id=?", params = (id, ))
which will work even if the variable id contains single quotes.

Thanks a lot for this nice project.

kljh added 2 commits April 5, 2019 21:52
@kljh
Allow queries with parameters to avoid SQL injection / issues with es…
424051b 
…caping strings.

This means we can replace
  df = sqldf("select * from df where id='"+id+"'")
with the parametrised query
  df = sqldf("select * from df where id=?", params = (id, ))
which will work even if the variable id contains single quotes.

Thanks a lot for this nice project.
@kljh
Allow registration of user defined functions (SQLite only)
23e477b 
See examples/demo2.py
@pkvprakash
Copy link

pkvprakash commented Jul 21, 2020
edited
Loading

@aplavin Can you please review this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kljh @pkvprakash