sortable_fields = ["name", "age", "gpa"]
# User input selects an index into a fixed allowlist; the column name itself never comes from the request.
selected_filter = sortable_fields[int(form.filterIndex)]  # form values arrive as strings, hence int()
if form.sortBy == "asc":
    query += " ORDER BY {} ASC".format(selected_filter)
elif form.sortBy == "desc":
    query += " ORDER BY {} DESC".format(selected_filter)
Doesn't have any opportunity for SQL injection unless you have rogue programmers able to change code running in prod.
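The allowlist pattern from the comment, carried through as a complete runnable example (added here, not the commenter's code): identifiers come only from fixed allowlists, values only through bound parameters, and the index is range-checked so negative or non-numeric input is rejected rather than silently accepted. The `students` table, the `min_age` filter and the dict standing in for the form object are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the real table (assumption).
STUDENTS = [("Ann", 21, 3.9), ("Bob", 19, 2.7), ("Cid", 23, 3.1)]

SORTABLE_FIELDS = ["name", "age", "gpa"]          # same allowlist as the comment
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}  # second allowlist for direction


def build_query(filter_index, sort_by, min_age):
    """Return (sql, params). ORDER BY cannot take a bound parameter, so the
    column and direction are looked up in allowlists; the value is bound."""
    try:
        idx = int(filter_index)
    except (TypeError, ValueError):
        raise ValueError("filterIndex must be an integer")
    # A bare list index would accept negatives (SORTABLE_FIELDS[-1]) and
    # raise IndexError on large values; check the range explicitly.
    if not 0 <= idx < len(SORTABLE_FIELDS):
        raise ValueError("filterIndex out of range")
    direction = SORT_DIRECTIONS.get(sort_by)
    if direction is None:
        raise ValueError("sortBy must be 'asc' or 'desc'")
    sql = "SELECT name FROM students WHERE age >= ? ORDER BY {} {}".format(
        SORTABLE_FIELDS[idx], direction)
    return sql, (min_age,)


def run(form):
    """Execute the built query against an in-memory table; `form` is a dict
    standing in for the request's form object (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, age INTEGER, gpa REAL)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", STUDENTS)
    sql, params = build_query(form["filterIndex"], form["sortBy"], form.get("minAge", 0))
    rows = [r[0] for r in conn.execute(sql, params)]
    conn.close()
    return rows


if __name__ == "__main__":
    print(run({"filterIndex": "2", "sortBy": "desc"}))  # names by gpa, highest first
```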