Writing SQL is fine — until your team has 40-plus tables, analysts who can't remember column names, and product managers asking for "just a quick query" every afternoon. Natural language to SQL (NL2SQL) is a genuine productivity lever, but getting it right in production means going beyond passing a question to a language model and hoping for the best.
This article walks through building a robust NL2SQL system in Python: schema injection, safe query generation, output validation, and the security traps waiting between demo and production.
The architecture in one picture
The core flow looks simple: send the user's question plus your database schema to a language model, get SQL back. Three things reliably break this in practice:
Schema drift: the model generates columns that no longer exist






