Add support for query parameters #92
Comments
Big 👍 |
You can achieve what you want with some Python string features.
if
Notice that a Python 3 string formatting feature is used to replace the parameter in the query string. |
@iurnah this is generally a poor practice that causes query performance to suffer (compared to parametrized queries) and in many use cases opens an application up to injection attacks. See here: https://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/ |
Any updates on this issue? IMO it’s very critical and a must-have for SQL clients |
I've just found out that presto-python-client Is this feature being implemented? |
Any updates here? I'm interested |
I think we can port PyHive's implementation for binding params. |
I'm trying to call Presto SQL with a simple parameter ('SELECT * FROM my_table WHERE id=${id}').
I'm getting the following error:
prestodb.exceptions.PrestoUserError: PrestoUserError(type=USER_ERROR, name=SYNTAX_ERROR, message="line 56:26: mismatched input '$'. Expecting: 'ALL', 'ANY', 'SOME', ", query_id=20191204_102703_00302_6fjsq)
It seems that when calling cursor's execute function, the query parameters are ignored.
As you can see from the following code snippet (from dbapi.py), params is not used anywhere.
```python
def execute(self, operation, params=None):
    self._query = prestodb.client.PrestoQuery(self._request, sql=operation)
    result = self._query.execute()
    self._iterator = iter(result)
    return result
```
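Client-side parameter binding of the kind this issue asks for, contrasted with the string formatting suggested in the thread, as an added example (not code from presto-python-client or PyHive). The names `escape_param`, `bind` and `naive`, the `%(name)s` placeholder style and the set of supported types are assumptions made for illustration; the hostile value is constructed.

```python
import datetime
import re


def escape_param(value):
    """Render one Python value as a SQL literal using ANSI quoting."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # check before int: bool is a subclass of int
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        # Inside an ANSI string literal the only metacharacter is the quote.
        return "'" + value.replace("'", "''") + "'"
    if isinstance(value, datetime.date) and not isinstance(value, datetime.datetime):
        return "DATE '" + value.isoformat() + "'"
    if isinstance(value, (list, tuple)):
        return "(" + ", ".join(escape_param(v) for v in value) + ")"
    # Fail closed: never fall back to str() for a type we do not understand.
    raise TypeError("unsupported parameter type: " + type(value).__name__)


_PLACEHOLDER = re.compile(r"%\((\w+)\)s")


def bind(operation, params=None):
    """Replace each %(name)s in a single pass; inserted text is never rescanned."""
    if not params:
        return operation
    # A missing name raises KeyError instead of sending a half-bound query.
    return _PLACEHOLDER.sub(lambda m: escape_param(params[m.group(1)]), operation)


def naive(value):
    """Plain string formatting: the value's quotes reach the SQL unescaped."""
    return "SELECT * FROM my_table WHERE id = '{}'".format(value)


QUERY = "SELECT * FROM my_table WHERE id = %(id)s"
HOSTILE = "x' OR '1'='1"  # constructed input

if __name__ == "__main__":
    print(naive(HOSTILE))                # predicate is rewritten by the value
    print(bind(QUERY, {"id": HOSTILE}))  # value stays one string literal
    print(bind(QUERY, {"id": 42}))
```

Binding on the client this way addresses injection only: the server still receives a complete literal SQL string for every call.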