def jobs(table='postings'): """Return list of jobs.""" job = request.args.get('term') # protect from SQL injection if job: job = job.strip(';') sql = "select job from {0} where job like '%{1}%' group by job" df = db.read_sql(sql.format(table, job)) return json.dumps(df.job.values.tolist())