In translating natural language to SQL, be sure you're not introducing opportunities for SQL injection attacks. Code like

    sql = 'SELECT %s FROM %s' % (this, that)

is considered dangerous, because a well-crafted value for "that" can be used to, e.g., delete rows from your tables, run system commands, etc. You can save a lot of worry by using a database account with read-only privileges, but you still have to be careful. My advice is to read up on "sql injection" before going too public with your code.

Graham
--
http://mail.python.org/mailman/listinfo/python-list
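The two safeguards in the message above, as an added example that is not part of the original post: identifiers are interpolated only after an exact allowlist match, data values go through `?` placeholders, and the connection is made read-only. The schema, the `ALLOWED` map and the function names are assumptions made for illustration; SQLite's `PRAGMA query_only` stands in for a read-only database account.

```python
import sqlite3

# Constructed sample schema: table name -> columns the translator may expose.
ALLOWED = {"users": {"id", "name"}, "orders": {"id", "user_id", "total"}}


def make_db():
    """Build a constructed in-memory database, then make the connection read-only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL)"
    )
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    # Stand-in for a read-only account: SQLite rejects writes from here on.
    conn.execute("PRAGMA query_only = ON")
    return conn


def build_select(column, table):
    """Return 'SELECT col FROM tbl' only if both names are in the allowlist."""
    if table not in ALLOWED:
        raise ValueError("table not allowed: %r" % (table,))
    if column not in ALLOWED[table]:
        raise ValueError("column not allowed: %r" % (column,))
    # Identifiers cannot be bound as parameters, so they are interpolated
    # only after an exact allowlist match, and quoted.
    return 'SELECT "%s" FROM "%s"' % (column, table)


def run_query(conn, column, table, where_col=None, value=None):
    """Run the validated SELECT; the filter value is bound, never formatted in."""
    sql = build_select(column, table)
    if where_col is None:
        return conn.execute(sql).fetchall()
    if where_col not in ALLOWED[table]:
        raise ValueError("column not allowed: %r" % (where_col,))
    return conn.execute(sql + ' WHERE "%s" = ?' % where_col, (value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(run_query(db, "id", "users", "name", "bob"))
    try:
        run_query(db, "name", "users; DELETE FROM users")  # constructed input
    except ValueError as exc:
        print("rejected:", exc)
```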
