Build a SQL string.
This is a convenience function that should prevent SQL injection attacks (which in the context of dplyr are most likely to be accidental, not deliberate) by automatically escaping all expressions in the input, while treating bare strings as SQL. This is unlikely to prevent any serious attack, but should make it unlikely that you produce invalid SQL.
build_sql(..., .env = parent.frame(), con = NULL)
build_sql("SELECT * FROM TABLE")
x <- "TABLE"
build_sql("SELECT * FROM ", x)
build_sql("SELECT * FROM ", ident(x))
build_sql("SELECT * FROM ", sql(x))

# http://xkcd.com/327/
name <- "Robert'); DROP TABLE Students;--"
build_sql("INSERT INTO Students (Name) VALUES (", name, ")")
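The rule in the description (string literals typed in the call are taken as SQL, every other expression is evaluated and then escaped) can be seen in a toy reimplementation. This is an added example, not dplyr's code: as_sql(), as_ident(), escape_value() and toy_build_sql() are hypothetical names, and the ANSI-style quote doubling is an assumption, since real backends quote differently.

```r
# Added illustration: a toy version of the escaping rule, NOT dplyr's code.
# as_sql(), as_ident(), escape_value(), toy_build_sql() are hypothetical names.

as_sql   <- function(x) structure(x, class = "toy_sql")    # trusted SQL fragment
as_ident <- function(x) structure(x, class = "toy_ident")  # table or column name

# Assumption: ANSI-style quoting (double the quote character inside the value).
escape_value <- function(x) {
  if (inherits(x, "toy_sql")) {
    unclass(x)                                              # inserted verbatim
  } else if (inherits(x, "toy_ident")) {
    paste0('"', gsub('"', '""', unclass(x), fixed = TRUE), '"')
  } else if (is.character(x)) {
    paste0("'", gsub("'", "''", x, fixed = TRUE), "'")      # string value
  } else if (is.numeric(x)) {
    format(x)
  } else {
    stop("don't know how to escape an object of class ", class(x)[1])
  }
}

toy_build_sql <- function(..., .env = parent.frame()) {
  force(.env)                              # fix the caller's environment now
  exprs <- eval(substitute(alist(...)))    # capture the arguments unevaluated
  pieces <- vapply(exprs, function(e) {
    if (is.character(e)) {
      e                                    # literal typed in the call: used as SQL
    } else {
      escape_value(eval(e, .env))          # anything else: evaluate, then escape
    }
  }, character(1))
  paste0(pieces, collapse = "")
}

# Constructed inputs, matching the page's own examples.
x    <- "TABLE"
name <- "Robert'); DROP TABLE Students;--"

cat(toy_build_sql("SELECT * FROM ", x), "\n")            # variable: quoted as a string
cat(toy_build_sql("SELECT * FROM ", as_ident(x)), "\n")  # quoted as an identifier
cat(toy_build_sql("SELECT * FROM ", as_sql(x)), "\n")    # passed through unescaped
cat(toy_build_sql("INSERT INTO Students (Name) VALUES (", name, ")"), "\n")
```

The as_sql() path is the one to audit in real code: anything wrapped that way bypasses escaping, so it should never carry user-supplied text.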