Code Room
Code review · Medium · cr-g197
Subject: Injection · Level: Mid–Senior · ~20 min · Common in Security, Databases & SQL, Algorithms & data structures interviews · Industries: Software development

Question

Review this Python data-access function used by a search endpoint.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (python):

```python
def search_users(conn, name, sort_col):
    cur = conn.cursor()
    query = (
        "SELECT id, email FROM users "
        "WHERE name LIKE '%%%s%%' "
        "ORDER BY %s" % (name, sort_col)
    )
    cur.execute(query)
    return cur.fetchall()
```
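The following is an added worked example, not part of the original exercise or its answer key. It puts the function under review beside a hardened version and runs both against a constructed in-memory SQLite table (the schema, the sample rows and the `ALLOWED_SORT_COLS` allowlist are assumptions for illustration). It shows the three distinct root causes a strong review should separate: the `name` value is spliced into the SQL string (classic injection), the `name` value is also spliced into a LIKE pattern so `%` and `_` act as wildcards even once it is parameterized, and `sort_col` lands in `ORDER BY`, which cannot take a bind parameter and so needs an allowlist rather than escaping. The `order_by_probe` helper demonstrates why the ORDER BY sink matters: it turns the sort column into a boolean oracle without ever returning injected data directly.

```python
import sqlite3

# Constructed sample data for the demo (not from the original page).
SAMPLE_USERS = [
    (1, "alice@example.com", "Alice"),
    (2, "bob@example.com", "Bob"),
    (3, "carol@example.com", "Carol_Admin"),
]

# Assumed allowlist: the only sort keys the endpoint is meant to support.
ALLOWED_SORT_COLS = frozenset({"id", "email", "name"})


def make_conn():
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def search_users_vulnerable(conn, name, sort_col):
    """The function under review, unchanged: both inputs are string-formatted
    into the SQL text, so the caller controls both the WHERE and ORDER BY."""
    cur = conn.cursor()
    query = (
        "SELECT id, email FROM users "
        "WHERE name LIKE '%%%s%%' "
        "ORDER BY %s" % (name, sort_col)
    )
    cur.execute(query)
    return cur.fetchall()


def escape_like(value, esc="\\"):
    """Neutralise LIKE metacharacters so a parameterised pattern matches the
    caller's text literally. The escape char itself must be escaped first."""
    return (
        value.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_users_safe(conn, name, sort_col):
    """Hardened version: bind parameter for the value, allowlist for the
    identifier. ORDER BY cannot be parameterised, so the column name is
    checked against a fixed set before it is interpolated."""
    if sort_col not in ALLOWED_SORT_COLS:
        raise ValueError("unsupported sort column: %r" % (sort_col,))
    pattern = "%" + escape_like(name) + "%"
    cur = conn.cursor()
    cur.execute(
        "SELECT id, email FROM users "
        "WHERE name LIKE ? ESCAPE '\\' "
        "ORDER BY " + sort_col,          # safe only because of the allowlist above
        (pattern,),
    )
    return cur.fetchall()


def order_by_probe(conn, condition_sql):
    """Abuse the vulnerable ORDER BY as a boolean oracle. With an empty name
    the LIKE matches every row; ids come back ascending when condition_sql is
    true and descending when it is false, leaking one bit per request."""
    rows = search_users_vulnerable(
        conn, "", "CASE WHEN (%s) THEN id ELSE -id END" % condition_sql
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_conn()
    payload = "x%' OR 1=1 --"            # closes the quote, comments out the rest
    print("vulnerable:", search_users_vulnerable(conn, payload, "id"))
    print("hardened:  ", search_users_safe(conn, payload, "id"))
    print("wildcard '_' vulnerable:", search_users_vulnerable(conn, "_", "id"))
    print("wildcard '_' hardened:  ", search_users_safe(conn, "_", "id"))
    print("oracle true: ", order_by_probe(conn, "1=1"))
    print("oracle false:", order_by_probe(conn, "1=0"))
```

Note that the page's `%%%s%%` formatting is not itself the bug; it correctly produces `'%value%'`. The bug is that `value` is never bound, so a single quote in it ends the literal. The sqlite3 driver's one-statement-per-`execute` rule blocks stacked queries such as `; DROP TABLE users`, but as the oracle shows, a single ORDER BY expression is enough to exfiltrate data one comparison at a time.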