That is really neat! One thing I would point out is to make sure to sanitize the inputs table and schema; because they are passed directly into the SQL query, they would be easy targets for a SQL injection if exposed to end users. I personally would add the validation within this view itself.
Hi, author here.
I believe the inputs are already appropriately escaped by passing them through `sql.Identifier`. I have added a comment in the gist about this as well.
Thank you, my mistake!
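The two layers discussed in this thread, identifier escaping and validation inside the view, as an added example that is not code from the gist or from any commenter. `quote_ident` is a hypothetical pure-Python stand-in for identifier quoting (assumed rule: wrap in double quotes and double any embedded double quote), and the allowlist and sample input are constructed.

```python
# Added example: pure-Python stand-in, no database or driver required.
# ALLOWED is a constructed allowlist of (schema, table) pairs the view may expose.
ALLOWED = {("public", "orders"), ("public", "customers")}


def quote_ident(name: str) -> str:
    """Quote an identifier: wrap in double quotes, double embedded ones."""
    if not name or "\x00" in name:
        raise ValueError("identifier must be non-empty and contain no NUL byte")
    return '"' + name.replace('"', '""') + '"'


def build_query(schema: str, table: str) -> str:
    """Escaping layer: compose the statement from quoted identifiers only."""
    return f"SELECT * FROM {quote_ident(schema)}.{quote_ident(table)}"


def build_query_validated(schema: str, table: str) -> str:
    """Validation layer: reject names not on the allowlist, then compose."""
    if (schema, table) not in ALLOWED:
        raise PermissionError(f"table not exposed: {schema!r}.{table!r}")
    return build_query(schema, table)


def demo() -> dict:
    hostile = 'orders"; DROP TABLE customers; --'  # constructed sample input
    results = {"escaped": build_query("public", hostile)}
    try:
        build_query_validated("public", hostile)
    except PermissionError as exc:
        results["validated"] = str(exc)
    results["ok"] = build_query_validated("public", "orders")
    return results


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, "->", value)
```

With escaping alone the hostile value stays inside a single quoted identifier, so the statement fails on a nonexistent table instead of running a second command; the allowlist additionally limits which existing tables a caller can name.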