Is this a safe bet or am I risking something
As long as it's simple LOAD DATA INFILE query - no. However,
Instead of using that database, I created another one with an extra column called status.
- Such a flying circus is absolutely unnecessary.
- It doesn't protect you from injection anyway.
Instead, you have to use prepared statements for ALL the queries in your application.