sql - Handling dynamic (user supplied) column names -
when writing applications manage data, useful allow end user create or remove classes of data best represented columns. example, i'm working on dictionary building application; user might decide want add, say, "alternate spelling" field or data, represented column.
usually, name column based on whatever user called ("alternate_spelling" in case); however, user-defined string isn't explicitly sanitized database identifier bothers me. since column names can't bound values, i'm trying figure out how sanitize column names.
so question is: should doing? can away quoting things? there's lots of questions asking how bind column names in sql, , many responses saying 1 should never need to, never explaining correct approach handling variable columns. i'm working in python specifically, think question more general.
it depands on database using...
according postgresql: "sql identifiers , key words must begin letter (a-z, letters diacritical marks , non-latin letters) or underscore (_). subsequent characters in identifier or key word can letters, underscores, digits (0-9), or dollar signs ($). note dollar signs not allowed in identifiers according letter of sql standard, use might render applications less portable"
(keep in mind: maximum length allowed name)
Comments
Post a Comment