Postgres Bucket's sql f-strings #233

@paultiq

Description

The postgres bucket implementation uses a SQL f-string, which raises concern over SQL injection possibilities. Two of the parameters are easy to move to SQL parameters, but the dynamic table name is a little trickier.

Recommendation: rewrite to sanitize the table name, and use parameters for the other fields.

This was flagged in #228
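The pattern the recommendation describes, shown as an added example rather than the project's own bucket code: the real query shape is not on the page, so a representative count query, the `item`/`n` column names and the `%s` placeholder style (psycopg) are all assumptions. The vulnerable f-string sits beside a hardened builder that passes values as bind parameters and pushes the table name through a strict identifier allowlist before quoting it, since a table name cannot be a bind parameter.

```python
import re
from typing import Any, Tuple

# Constructed stand-in for the kind of f-string the issue describes: every
# value, including the table name, is interpolated straight into the SQL text.
def build_query_unsafe(table: str, item: str, limit: int) -> str:
    return f"SELECT COUNT(*) FROM {table} WHERE item = '{item}' AND n < {limit}"


# Allowlist for an unquoted PostgreSQL identifier: letters, digits and
# underscore, not starting with a digit, within PostgreSQL's 63-byte limit.
_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def quote_identifier(name: str) -> str:
    """Validate one identifier against the allowlist and double-quote it.

    A name that fails the allowlist is rejected outright; no attempt is made
    to strip or escape characters, because a repaired name is a guess.
    """
    if not _IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid SQL identifier: {name!r}")
    # Quoting keeps the name case-exact and stops it being read as a keyword;
    # the allowlist guarantees there is no embedded double quote to escape.
    return f'"{name}"'


def quote_table(table: str) -> str:
    """Accept `table` or `schema.table`; each dotted part is validated."""
    parts = table.split(".")
    if len(parts) > 2:
        raise ValueError(f"too many qualifiers in table name: {table!r}")
    return ".".join(quote_identifier(p) for p in parts)


def build_query_safe(table: str, item: str, limit: int) -> Tuple[str, Tuple[Any, ...]]:
    """Return (sql, params): the table name is validated and quoted, the two
    data values travel as bind parameters and never touch the SQL text."""
    sql = f"SELECT COUNT(*) FROM {quote_table(table)} WHERE item = %s AND n < %s"
    return sql, (item, limit)


if __name__ == "__main__":
    hostile_value = "a' OR 1=1 --"          # constructed hostile data value
    hostile_table = "bucket; SELECT 1 --"   # constructed hostile table name

    print(build_query_unsafe("bucket", hostile_value, 3))   # value lands in the SQL
    print(build_query_safe("bucket", hostile_value, 3))     # value stays a parameter
    try:
        build_query_safe(hostile_table, "a", 3)
    except ValueError as exc:
        print("rejected:", exc)
```

With a driver such as psycopg the returned pair is passed as `cursor.execute(sql, params)`; the same split applies if the project prefers the driver's own identifier helper (psycopg's `sql.Identifier`) over the hand-rolled `quote_identifier` above, which exists here only so the example runs without a database.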
