sql - Handling dynamic (user supplied) column names -


when writing applications manage data, useful allow end user create or remove classes of data best represented columns. example, i'm working on dictionary building application; user might decide want add, say, "alternate spelling" field or data, represented column.

usually, name column based on whatever user called ("alternate_spelling" in case); however, user-defined string isn't explicitly sanitized database identifier bothers me. since column names can't bound values, i'm trying figure out how sanitize column names.

so question is: should doing? can away quoting things? there's lots of questions asking how bind column names in sql, , many responses saying 1 should never need to, never explaining correct approach handling variable columns. i'm working in python specifically, think question more general.

it depands on database using...

according postgresql: "sql identifiers , key words must begin letter (a-z, letters diacritical marks , non-latin letters) or underscore (_). subsequent characters in identifier or key word can letters, underscores, digits (0-9), or dollar signs ($). note dollar signs not allowed in identifiers according letter of sql standard, use might render applications less portable"

(keep in mind: maximum length allowed name)


Comments

Popular posts from this blog

qt - Using float or double for own QML classes -

Create Outlook appointment via C# .Net -

ios - Swift Array Resetting Itself -