
Show HN: Django/gevent view to download PostgreSQL table as CSV in single query - michalc
https://gist.github.com/michalc/80ebd31dcb75cf805bb5d956c2cad6ea
======
philipkiely
That is really neat! One thing I would point out is to make sure to sanitize
the inputs table and schema: because they are passed directly into the SQL
query, they would be easy targets for a SQL injection if exposed to end users.
I personally would add the validation within this view itself.

~~~
michalc
Hi, author here.

I believe the inputs are already appropriately escaped by passing them through
`sql.Identifier`. I have added a comment in the gist about this as well.

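The identifier escaping the reply above relies on, as an added illustration that is not the gist's code or michalc's: `quote_ident` reproduces the rule libpq's `PQescapeIdentifier` applies (which is what psycopg2's `sql.Identifier` delegates to), and the `COPY ... TO STDOUT` query shape is an assumption, since the thread does not show the gist's exact SQL.

```python
from typing import Tuple


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier the way sql.Identifier renders it:
    wrap in double quotes and double any embedded double quote, so the
    whole value is one identifier whatever characters it contains."""
    if "\x00" in name:
        # A NUL byte cannot be part of an identifier; rejected here.
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def unsafe_copy_query(schema: str, table: str) -> str:
    """The pattern the first comment worried about: names spliced in raw."""
    return f"COPY {schema}.{table} TO STDOUT WITH (FORMAT csv, HEADER)"


def safe_copy_query(schema: str, table: str) -> str:
    """Text equivalent of
    sql.SQL("COPY {}.{} TO STDOUT WITH (FORMAT csv, HEADER)")
       .format(sql.Identifier(schema), sql.Identifier(table))."""
    return (f"COPY {quote_ident(schema)}.{quote_ident(table)} "
            "TO STDOUT WITH (FORMAT csv, HEADER)")


def read_quoted_ident(query: str, start: int) -> Tuple[str, int]:
    """Parse one double-quoted identifier beginning at query[start],
    applying the server's rule that '""' inside means a literal '"'.
    Returns (name, index just past the closing quote)."""
    if query[start] != '"':
        raise ValueError("expected a quoted identifier")
    out = []
    i = start + 1
    while i < len(query):
        if query[i] == '"':
            if i + 1 < len(query) and query[i + 1] == '"':
                out.append('"')
                i += 2
                continue
            return "".join(out), i + 1
        out.append(query[i])
        i += 1
    raise ValueError("unterminated identifier")


def target_of(query: str) -> Tuple[str, str]:
    """Recover the (schema, table) the server would see in a safe query."""
    schema, i = read_quoted_ident(query, len("COPY "))
    if query[i] != ".":
        raise ValueError("expected schema.table")
    table, _ = read_quoted_ident(query, i + 1)
    return schema, table
```

Round-tripping a constructed name that contains a quote, a dot and a semicolon through `safe_copy_query` and `target_of` shows the server sees exactly one table name, while `unsafe_copy_query` hands those characters to the parser as SQL.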
~~~
philipkiely
Thank you, my mistake!

