sha,message,author_date,committer_date,raw_author,raw_author_label,raw_committer,raw_committer_label,repo,repo_label,author,author_label,committer,committer_label
186c513a61a091b9f83d788e25b08f41a84ed9a3,"Support parameterized SQL and block potentially harmful queries

You can now call arbitrary SQL like this:

    /flights?sql=select%20*%20from%20airports%20where%20country%20like%20:c&c=iceland

Unescaped, those querystring params look like this:

    sql = select * from airports where country like :c
    c = iceland

So SQL can be constructed with named parameters embedded in it, which will
then be read from the querystring and correctly escaped.

This means we can aggressively filter the SQL parameter for potentially
dangerous syntax. For the moment we enforce that it starts with a SELECT
statement and we ban the sequence ""pragma"" from it entirely.

If you need to use pragma in a query, you can use the new named parameter
mechanism.

Fixes #39",2017-11-05T02:49:18Z,2017-11-05T02:49:18Z,2946d096d0cdefdc017559e6b57e87658736e843,Simon Willison,2946d096d0cdefdc017559e6b57e87658736e843,Simon Willison,107914493,datasette,9599,simonw,9599,simonw