Code Room
Code review (Medium)
Question
Review this Python (Flask + psycopg2) endpoint.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
@app.route('/orders')
def orders():
    status = request.args.get('status', 'open')
    sort = request.args.get('sort', 'created_at')
    cur = db.cursor()
    query = (
        "SELECT id, total, created_at FROM orders "
        "WHERE user_id = %s AND status = '" + status + "' "
        "ORDER BY " + sort + " DESC"
    )
    cur.execute(query, (g.user_id,))
    return jsonify(cur.fetchall())
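One way to fix the highest-severity finding in this endpoint, SQL assembled by concatenating the status and sort request arguments (an added example, not part of the original exercise). The names build_orders_query, SORTABLE_COLUMNS and demo_rows, the placeholder argument and the sample rows are assumptions; sqlite3 stands in for PostgreSQL only so the block runs offline.

```python
import sqlite3

# Assumption: clients may sort only by the columns the endpoint already selects.
SORTABLE_COLUMNS = {"id", "total", "created_at"}


def build_orders_query(user_id, status="open", sort="created_at", placeholder="%s"):
    """Return (sql, params) for the orders listing.

    Values (user_id, status) are bound parameters. The ORDER BY column is an
    identifier and cannot be bound, so it must match the allow-list exactly.
    placeholder is "%s" for psycopg2; "?" is used only by the sqlite3 demo.
    """
    if sort not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")  # endpoint should answer 400
    sql = (
        "SELECT id, total, created_at FROM orders "
        f"WHERE user_id = {placeholder} AND status = {placeholder} "
        f"ORDER BY {sort} DESC"
    )
    return sql, (user_id, status)


def demo_rows(status, sort):
    """Run the query for user 7 on a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders "
        "(id INTEGER, user_id INTEGER, status TEXT, total REAL, created_at TEXT)"
    )
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?, ?)",
        [  # constructed sample data
            (1, 7, "open", 10.0, "2024-01-01"),
            (2, 7, "open", 25.0, "2024-01-03"),
            (3, 7, "shipped", 5.0, "2024-01-02"),
            (4, 8, "open", 99.0, "2024-01-04"),
        ],
    )
    sql, params = build_orders_query(7, status, sort, placeholder="?")
    rows = db.execute(sql, params).fetchall()
    db.close()
    return rows
```

In the Flask handler the call becomes cur.execute(*build_orders_query(g.user_id, status, sort)), with the ValueError mapped to a 400 response.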