You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docsrc/Connecting_and_queries.rst
+33-5Lines changed: 33 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -362,13 +362,21 @@ placeholders and then pass values into those placeholders when the query is run.
362
362
protects against SQL injection attacks and also helps manage dynamic queries that are
363
363
likely to change, such as filter UIs or access control.
364
364
365
+
There are two supported styles for parameterized queries in the Firebolt Python SDK:
366
+
367
+
* **QMARK style** (default): Use question marks ``?`` as placeholders. This is controlled by the ``firebolt.db.paramstyle`` variable set to ``"qmark"`` or ``"native"``. Substitution is performed on the client side.
368
+
* **FB Numeric style**: Use numbered placeholders ``$1, $2, ...``. This is enabled by setting ``firebolt.db.paramstyle = "fb_numeric"`` before connecting. Substitution is performed on the server side, providing additional protection against SQL injection.
369
+
365
370
To run a parameterized query, use the ``execute()`` cursor method. Add placeholders to
366
-
your statement using question marks ``?``, and in the second argument pass a tuple of
367
-
parameters equal in length to the number of ``?`` in the statement.
371
+
your statement using the appropriate style, and in the second argument pass a tuple of
372
+
parameters equal in length to the number of placeholders in the statement.
368
373
374
+
**QMARK style example (default):**
369
375
370
376
::
371
377
378
+
# No need to set paramstyle, it defaults to "qmark"
379
+
372
380
cursor.execute(
373
381
"""
374
382
CREATE FACT TABLE IF NOT EXISTS test_table2 (
@@ -379,15 +387,31 @@ parameters equal in length to the number of ``?`` in the statement.
379
387
PRIMARY INDEX id;"""
380
388
)
381
389
390
+
cursor.execute(
391
+
"INSERT INTO test_table2 VALUES (?, ?, ?)",
392
+
(1, "hello", "2018-01-01"),
393
+
)
394
+
395
+
396
+
**fb_numeric style example (server-side substitution):**
382
397
383
398
::
384
399
400
+
import firebolt.db
401
+
firebolt.db.paramstyle = "fb_numeric"
402
+
385
403
cursor.execute(
386
-
"INSERT INTO test_table2 VALUES (?, ?, ?)",
387
-
(1, "apple", "2018-01-01"),
404
+
"INSERT INTO test_table2 VALUES ($1, $2, $3)",
405
+
(2, "world", "2018-01-02"),
406
+
)
407
+
408
+
# paramstyle only needs to be set once, it will be used for all subsequent queries
409
+
410
+
cursor.execute(
411
+
"INSERT INTO test_table2 VALUES ($1, $2, $3)",
412
+
(3, "!", "2018-01-03"),
388
413
)
389
414
390
-
cursor.close()
391
415
392
416
.. _parameterized_query_executemany_example:
393
417
@@ -397,6 +421,10 @@ as values in the second argument.
397
421
398
422
::
399
423
424
+
import firebolt.db
425
+
# Explicitly set paramstyle to "qmark" for QMARK style in case it was changed
0 commit comments