Sanitizing Database Inputs
Using placeholders (bound parameters) to construct queries, instead of formatting values into the SQL string
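# Open the SQLite database file and get a cursor for running statements.
con = sqlite3.connect("db/my_db.sqlite3")
cur = con.cursor()

# Static DDL: no external value is involved, so a literal SQL string is fine.
cur.execute("CREATE TABLE birthdays(name, year)")

# The values to store. Treat anything that arrives from outside the program
# (form fields, request parameters, file contents) the same way as this dict:
# pass it as a parameter, never splice it into the SQL text.
data = {"name": "Alice", "year": 1865}

# Named placeholders (:name, :year) are bound from the dict by key. The driver
# hands the values to SQLite separately from the statement, so they are always
# treated as data and cannot change the structure of the query.
# The table name must match the one created above ("birthdays"); the original
# "birthdays_table" does not exist and raises sqlite3.OperationalError.
# NOTE: placeholders bind values only. Table and column names cannot be
# parameterized, so any identifier that varies must come from a fixed
# allow-list in the code, not from user input.
cur.execute("INSERT INTO birthdays VALUES(:name, :year)", data)

# sqlite3 opens a transaction implicitly before an INSERT; without a commit
# the row is discarded when the connection is closed.
con.commit()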