If using pandas with a sqlite3 backend, I'm able to mitigate SQL-injection (I believe) through the use of params, something like:
import pandas as pd
df = pd.read_sql_query("SELECT y FROM tbl WHERE x LIKE ?", dbcon, params=("A%",))
Is there a way to do this directly in pandasql? It may be as simple as passing it directly. Thoughts?
Something like:
import pandas as pd
import pandasql
df = pd.DataFrame({"x":range(10), "y":range(10)})
pandasql.sqldf("SELECT y FROM df WHERE x = ?", globals(), params=(4,))  # wished-for: bind 4 to the ? placeholder
I've also asked on stackoverflow, in case I missed docs or other ideas.
Thanks!
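An added example, not from the original post: since pandasql's `sqldf` does not take a `params` argument (an assumption about its API), the workaround is to load the DataFrame into an in-memory sqlite3 database and run the bound query through pandas' own `read_sql_query`, which is the same mechanism the question already uses for the sqlite3 backend. The unsafe variant is included only to show how a string-built predicate differs from a bound one on the same input.

```python
import sqlite3
import pandas as pd


def load_frame(df: pd.DataFrame, name: str = "df") -> sqlite3.Connection:
    """Copy a DataFrame into a fresh in-memory sqlite3 database as table `name`."""
    con = sqlite3.connect(":memory:")
    df.to_sql(name, con, index=False)
    return con


def sample_connection() -> sqlite3.Connection:
    """Constructed sample data with the same shape as the frame in the question."""
    frame = pd.DataFrame({"x": range(10), "y": range(10)})
    return load_frame(frame)


def select_y_safe(con: sqlite3.Connection, x_value) -> list:
    """Parameterised lookup: x_value is bound by sqlite3, never spliced into the SQL."""
    result = pd.read_sql_query("SELECT y FROM df WHERE x = ?", con, params=(x_value,))
    return result["y"].tolist()


def select_y_unsafe(con: sqlite3.Connection, x_value) -> list:
    """String-formatted lookup, shown only to contrast with the bound version."""
    result = pd.read_sql_query(f"SELECT y FROM df WHERE x = {x_value}", con)
    return result["y"].tolist()


if __name__ == "__main__":
    con = sample_connection()
    print(select_y_safe(con, 4))             # [4]
    print(select_y_safe(con, "4 OR 1=1"))    # []: bound as text, matches no integer row
    print(select_y_unsafe(con, "4 OR 1=1"))  # [0, ..., 9]: the predicate itself was rewritten
```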