TRON-Bioinformatics / covigator

CoVigator - Monitoring SARS-CoV-2 mutations
MIT License
11 stars 1 forks

Avoid possible SQL injections by using placeholders #73

Closed priesgo closed 1 year ago

priesgo commented 1 year ago

Within queries.py some SQL queries are created by string formatting. This is a possible point for SQL injections. SQLAlchemy uses the TextClause object for simple SQL queries. In it, you can specify placeholders that will be replaced with values from a dictionary when the query is executed using the execute method.
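The two patterns the issue contrasts, as an added example that is not code from the covigator project: the table, columns and sample rows are constructed, and it uses the standard-library sqlite3 driver, whose `:name` placeholder syntax is the same one a SQLAlchemy `text()` clause binds at execute time, so it runs without SQLAlchemy installed.

```python
import sqlite3

# Constructed sample data (not the project's schema): a tiny in-memory table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE variant (gene TEXT, n_samples INTEGER)")
    conn.executemany(
        "INSERT INTO variant VALUES (?, ?)",
        [("S", 10), ("N", 4), ("ORF1ab", 7)],
    )
    conn.commit()
    return conn


def samples_by_gene_unsafe(conn: sqlite3.Connection, gene: str) -> list:
    # String formatting: the caller's text is spliced into the SQL, so any
    # quote or operator in it is parsed as part of the query.
    sql = f"SELECT gene, n_samples FROM variant WHERE gene = '{gene}'"
    return conn.execute(sql).fetchall()


def samples_by_gene_safe(conn: sqlite3.Connection, gene: str) -> list:
    # Placeholder: ':gene' is bound from the dict at execution time, so the
    # value travels as data and is never parsed as SQL. The SQLAlchemy form
    # the issue refers to is the same idea:
    #   session.execute(text("... WHERE gene = :gene"), {"gene": gene})
    sql = "SELECT gene, n_samples FROM variant WHERE gene = :gene"
    return conn.execute(sql, {"gene": gene}).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(samples_by_gene_unsafe(db, "S"))   # one row, as expected
    print(samples_by_gene_safe(db, "S"))     # same one row
    # A value containing a quote changes the query's meaning only in the
    # formatted version; the bound version just finds no such gene.
    crafted = "S' OR '1'='1"
    print(samples_by_gene_unsafe(db, crafted))  # every row
    print(samples_by_gene_safe(db, crafted))    # []
```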