python - Getting the table name to select on from the user -
my problem have select query table select info needs specified user, html file. can suggest way this?
i querying postgres database , sql queries in python file.
create variable table_name , verify contains characters allowed in table name. set sql query:
sql = "select ... {} ...".format(table_name) # replace ... real sql if don't verify , user sends nasty, you run risk.
python sql postgresql
No comments:
Post a Comment