{"html_url": "https://github.com/simonw/datasette/issues/39#issuecomment-339510770", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/39", "id": 339510770, "node_id": "MDEyOklzc3VlQ29tbWVudDMzOTUxMDc3MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2017-10-26T00:07:40Z", "updated_at": "2017-10-26T00:07:40Z", "author_association": "OWNER", "body": "It looks like I should double quote my columns and ensure they are correctly escaped https://blog.christosoft.de/2012/10/sqlite-escaping-table-acolumn-names/ - hopefully using ? placeholders for column names will work. I should use ? for tables too.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 268469569, "label": "Protect against malicious SQL that causes damage even though our DB is immutable"}, "performed_via_github_app": null}