by memracom 4627 days ago
Hey, it's a github repo. If you have discovered an issue with it, then clone the repo, fix the issue, and send in a pull request.

Yes, it does the simple form of variable substitution that opens the door to SQL injection attacks, but using a .execute method with ? in the SQL for variable substitution is not the real solution. The real solution is what happens inside the .execute methods. There is no reason why that same code could not be incorporated in this mapper, and still maintain the goal of a minimal data access layer with no magic.

You can get some ideas in how to improve the code here https://github.com/PyMySQL/PyMySQL/blob/master/pymysql/curso... starting around line 91.
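An added example (my own illustration, not memracom's code or the repo under discussion) of the distinction the comment draws: Python-level string substitution splices the value into the SQL text, whereas the driver's `?` placeholder hands the value to the `.execute` implementation to be bound as data. It uses the standard-library `sqlite3` module and a constructed in-memory table; `select_where` is a hypothetical minimal-mapper helper showing that a "no magic" data layer can still route every value through the driver's placeholder.

```python
import sqlite3


def make_db():
    # Constructed fixture: a two-row in-memory table, not data from the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn


def find_naive(conn, name):
    # The pattern the comment criticises: the value is formatted into the
    # SQL string in Python, so the driver only ever sees finished SQL text
    # and any quoting in the value becomes part of the statement.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_bound(conn, name):
    # The driver's placeholder: the value never touches the SQL text; the
    # .execute implementation binds it as a literal, however it is quoted.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def select_where(conn, table, **conds):
    # Hypothetical mapper helper: builds the WHERE clause from keyword
    # arguments but keeps every *value* behind a driver placeholder.
    # Table and column names cannot be bound as parameters, so they must
    # come from trusted code (here: literals in the caller), never from input.
    clause = " AND ".join("%s = ?" % col for col in conds)
    sql = "SELECT * FROM %s WHERE %s" % (table, clause)
    return conn.execute(sql, tuple(conds.values())).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"          # constructed value containing a quote
    print("naive :", find_naive(db, probe))   # quote alters the statement
    print("bound :", find_bound(db, probe))   # treated as a plain string
    print("mapper:", select_where(db, "users", name="bob"))
```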