symlinkk
9y ago
> Just a string of SQL that I compose with Python string formatting
sounds like an SQL injection waiting to happen
ksri
9y ago
I posted elsewhere on this thread, but take a look at JinjaSQL - https://github.com/hashedin/jinjasql. Lets you generate SQL from a string template without worrying about SQL injection.
Waterluvian
9y ago
Hah!! So so true.
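
The concern raised at the top of the thread, shown as an added example (not code from any commenter or from JinjaSQL): the same lookup composed with Python string formatting and with a bound parameter, plus an allowlist for a column name, which placeholders cannot carry. The table, rows, function names and input strings are constructed for illustration, using the standard-library `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def find_formatted(db, name):
    # Pattern from the quoted comment: the value is pasted into the SQL text,
    # so quote characters in it change the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '{}'".format(name)
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    # The value is passed separately from the SQL text and is only ever
    # compared as data, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

SORTABLE = {"id", "name", "role"}  # identifiers this query is allowed to sort by

def list_sorted(db, role, column):
    # Placeholders cover values, not identifiers. A column name has to be
    # formatted in, so it is checked against a fixed allowlist first.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % (column,))
    sql = "SELECT name FROM users WHERE role = ? ORDER BY {}".format(column)
    return [row[0] for row in db.execute(sql, (role,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("formatted:", find_formatted(db, crafted))  # every row comes back
    print("bound:    ", find_bound(db, crafted))      # no user has this name
    try:
        find_formatted(db, "O'Brien")                 # benign input, broken SQL
    except sqlite3.OperationalError as exc:
        print("formatted, benign name:", exc)
    print("sorted:   ", list_sorted(db, "user", "name"))
```
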