I need to use some complex syntax, hence the basic Database API is not usable, so I need to use frappe.db.sql to execute a raw SQL statement?
But I can't find how to parameterize the SQL statement in the official documentation. I know I can use string interpolation, but it's not good due to security vulnerabilities (SQL injection?).
Thank you a lot
use frappe.db.sql(query, params)
first param is
query as string,
second param is
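As an added illustration (not part of the answer above, and not Frappe's own code): the vulnerable interpolation the question worries about, next to the parameterized form. The `frappe_style_call` helper only builds the `(query, values)` pair that would be handed to `frappe.db.sql`, using the `%(name)s` placeholder style the MariaDB driver behind Frappe accepts; the live demonstration runs on an in-memory SQLite table instead, so it works offline. SQLite uses `?` placeholders where pymysql/MariaDB use `%s`; the table schema and rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows standing in for a (hypothetical) Customer table.
SAMPLE_ROWS = [
    ("CUST-0001", "Alice", 120.0),
    ("CUST-0002", "Bob", 80.0),
    ("CUST-0003", "Carol", 0.0),
]


def make_db():
    """Create an in-memory SQLite database with a toy tabCustomer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tabCustomer (name TEXT PRIMARY KEY, customer_name TEXT, balance REAL)"
    )
    conn.executemany("INSERT INTO tabCustomer VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, customer_name):
    """BAD: the value is spliced into the SQL text.

    A quote character in the input closes the string literal and lets the
    attacker append SQL, changing the query's structure.
    """
    query = f"SELECT name FROM tabCustomer WHERE customer_name = '{customer_name}'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn, customer_name):
    """GOOD: a placeholder in the SQL text, the value passed separately.

    The driver sends the value as data, so quotes in it never become SQL.
    """
    query = "SELECT name FROM tabCustomer WHERE customer_name = ?"
    return [row[0] for row in conn.execute(query, (customer_name,))]


def frappe_style_call(customer_name):
    """Build the arguments you would pass to frappe.db.sql (assumed usage).

    frappe.db.sql(query, values) forwards them to the MariaDB driver, which
    understands pymysql-style placeholders: positional %s with a tuple/list,
    or named %(key)s with a dict.  Do not use f-strings or % formatting to
    put the value into `query` yourself.
    """
    query = "SELECT name FROM `tabCustomer` WHERE customer_name = %(customer_name)s"
    values = {"customer_name": customer_name}
    return query, values


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"
    print("vulnerable:", vulnerable_lookup(db, attack))  # every row leaks
    print("safe:      ", safe_lookup(db, attack))        # no row matches
    print("frappe:    ", frappe_style_call("Alice"))
```

When the value itself must contain a wildcard (a LIKE search), put the `%` in the value (`values={"pat": "%" + term + "%"}`) rather than in the query text; with pymysql-style placeholders a literal percent sign in the query string has to be written as `%%` once parameters are supplied.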