SQL Utilities
SQL generation helpers.
SQL utilities for safe identifier handling.
is_expression(name)
Check if name is a safe DuckDB table-function expression. Only read_csv, read_parquet, read_json, and read_json_auto are allowed. Arbitrary expressions containing parentheses are rejected to prevent SQL injection.
quote_identifier(name)
Quote a SQL identifier (table or column name) to prevent injection.
Uses double-quoting (ANSI SQL standard). Rejects identifiers that contain characters outside the safe set as an extra layer of defense.
Table-function expressions (containing parentheses) are returned as-is because they are valid SQL but not identifiers.
quote_value(value)
Escape a string value for safe use in SQL literals.
Doubles single quotes to prevent SQL injection.
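The three helpers above are documented but not shown; the following is an added example, not the module's own code, of how they fit together. The allow-list regex for is_expression, the identifier safe set (letters, digits, underscore, not starting with a digit) and the build_select helper are all assumptions made for this example; the page does not specify how the arguments inside the parentheses are validated, so the example only requires that they contain no further parentheses.

```python
import re

# Table functions that may stand in for a table name (from the page).
ALLOWED_TABLE_FUNCTIONS = ("read_csv", "read_parquet", "read_json", "read_json_auto")

# Assumption: exactly one call to an allowed function whose argument list holds
# no further parentheses, so nested calls, subqueries and trailing SQL are rejected.
_EXPRESSION_RE = re.compile(
    r"^(?:" + "|".join(ALLOWED_TABLE_FUNCTIONS) + r")\([^()]*\)$"
)

# Assumption: the "safe set" for identifiers is [A-Za-z0-9_], not starting with a digit.
_IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_expression(name: str) -> bool:
    """True only for an allow-listed DuckDB table-function call such as read_csv('x.csv')."""
    return bool(_EXPRESSION_RE.match(name))


def quote_identifier(name: str) -> str:
    """Return a double-quoted identifier, or an allow-listed table-function call as-is.

    Identifiers outside the safe set raise ValueError instead of being escaped,
    which is the extra layer of defense the page describes.
    """
    if is_expression(name):
        return name
    if not _IDENTIFIER_RE.match(name):
        raise ValueError(f"unsafe SQL identifier: {name!r}")
    # The safe set excludes '"', so doubling it here is purely defensive.
    return '"' + name.replace('"', '""') + '"'


def quote_value(value: str) -> str:
    """Return a single-quoted SQL string literal with embedded quotes doubled."""
    return "'" + value.replace("'", "''") + "'"


def build_select(columns, source, filter_column=None, filter_value=None):
    """Hypothetical helper: compose a SELECT from validated pieces only."""
    select_list = ", ".join(quote_identifier(c) for c in columns)
    sql = f"SELECT {select_list} FROM {quote_identifier(source)}"
    if filter_column is not None:
        sql += f" WHERE {quote_identifier(filter_column)} = {quote_value(filter_value)}"
    return sql


if __name__ == "__main__":
    # Constructed inputs: a table-function source and a value containing a quote.
    print(build_select(["id", "name"], "read_parquet('events.parquet')", "name", "O'Brien"))
```

Doubling single quotes is the standard escape for SQL string literals and is enough for values that end up inside quotes, but where the query is executed through a driver that accepts bound parameters (DuckDB's Python API does), binding the value is still the first choice; quote_value is the fallback for cases where a literal must be embedded in generated SQL text.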