yhat / pandasql

sqldf for pandas
MIT License
1.33k stars, 185 forks

Allow queries with parameters to avoid SQL injection #75

Open kljh opened 5 years ago

kljh commented 5 years ago

Allow queries with parameters to avoid SQL injection and issues with escaping strings.

This means we can replace `df = sqldf("select * from df where id='"+id+"'")` with the parametrised query `df = sqldf("select * from df where id=?", params=(id,))`, which will work even if the variable `id` contains single quotes.

Thanks a lot for this nice project.
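The failure mode the issue describes, shown as an added example (this is not code from pandasql or from the issue author). pandasql loads each DataFrame into an in-memory SQLite database and runs the query there, so the same behaviour can be reproduced with the standard-library `sqlite3` module and a table named `df`; the table, the rows and the `query_*` helper names below are constructed for this illustration. It shows both problems the issue raises with the string-concatenation form: a legitimate value containing a single quote breaks the query, and an attacker-supplied value changes the query's meaning. The parameterised form handles both.

```python
import sqlite3

# Constructed sample data standing in for the DataFrame `df` from the issue.
# `id` is a text column so that it can legitimately contain a quote.
ROWS = [
    ("u1", "alice", "NL"),
    ("u2", "bob", "DE"),
    ("o'3", "o'neil", "IE"),
]


def make_db():
    """Build the in-memory SQLite table that sqldf would create from `df`."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE df (id TEXT, name TEXT, country TEXT)")
    con.executemany("INSERT INTO df VALUES (?, ?, ?)", ROWS)
    return con


def query_concat(con, user_id):
    """The pattern the issue wants to get rid of: the value is spliced into
    the SQL text, so quotes in `user_id` become part of the query grammar."""
    sql = "select * from df where id='" + user_id + "'"
    return con.execute(sql).fetchall()


def query_param(con, user_id):
    """The pattern the issue proposes: a `?` placeholder and a params tuple.
    SQLite receives the value separately, so it is never parsed as SQL."""
    sql = "select * from df where id=?"
    return con.execute(sql, (user_id,)).fetchall()


def concat_breaks_on(con, user_id):
    """True if the concatenated query is rejected by SQLite for this input
    (the "issues with escaping strings" half of the issue)."""
    try:
        query_concat(con, user_id)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    con = make_db()

    # 1. A legitimate id with an apostrophe: concatenation yields
    #    "... where id='o'3'" which is a syntax error; the param form works.
    print("concat breaks on o'3:", concat_breaks_on(con, "o'3"))
    print("param  finds   o'3:", query_param(con, "o'3"))

    # 2. An injected value: concatenation returns every row,
    #    the param form looks for a literal id and returns nothing.
    hostile = "x' or '1'='1"
    print("concat with injection:", query_concat(con, hostile))
    print("param  with injection:", query_param(con, hostile))
```

Until a `params` argument exists in `sqldf`, the same protection is available today by running the query yourself: `pandas.read_sql_query(sql, con, params=(user_id,))` against a `sqlite3` connection into which the frame was written with `df.to_sql("df", con)`.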

pkvprakash commented 4 years ago

@aplavin Can you please review this PR?