Allow queries with parameters to avoid SQL injection and issues with escaping strings.
This means we can replace
df = sqldf("select * from df where id='"+id+"'")
with the parametrised query
df = sqldf("select * from df where id=?", params = (id, ))
which will work even if the variable id contains single quotes.
Thanks a lot for this nice project.
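
The difference between the two query forms above, as an added example that is not part of the original pull request or the project's code. It uses Python's standard sqlite3 module directly rather than sqldf, and the table named df, its rows and the helper names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the DataFrame named df.
ROWS = [("a1", "alice"), ("o'brien", "pat"), ("b2", "bob")]


def make_db():
    """Build an in-memory SQLite table called df (assumed stand-in)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table df (id text, name text)")
    conn.executemany("insert into df values (?, ?)", ROWS)
    return conn


def lookup_concat(conn, id):
    # 'Before' form: the value is pasted into the SQL text, so any quote
    # inside it is parsed as SQL syntax.
    return conn.execute("select * from df where id='" + id + "'").fetchall()


def lookup_param(conn, id):
    # 'After' form: the value is bound to the ? placeholder and is only
    # ever treated as data.
    return conn.execute("select * from df where id=?", (id,)).fetchall()


def compare(id):
    """Return (concatenated result or error name, parametrised result)."""
    conn = make_db()
    try:
        try:
            concat = lookup_concat(conn, id)
        except sqlite3.Error as exc:
            concat = "error: " + type(exc).__name__
        return concat, lookup_param(conn, id)
    finally:
        conn.close()


if __name__ == "__main__":
    # A plain id, an id containing a single quote, and a constructed value
    # whose quote changes the WHERE clause of the concatenated query.
    for value in ("a1", "o'brien", "x' or '1'='1"):
        print(repr(value), compare(value))
```

With the concatenated form the quoted id raises a syntax error and the third value matches every row; the parametrised form returns the one matching row and no rows respectively.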