Use this Snap to add a WHERE clause in your SQL query. The WHERE clause is used to create filters/conditions. The Snap can also be used as an equivalent of a HAVING clause in the context of aggregate operations. This Snap also allows you to preview the result of the output query. You can validate the modified query using this preview functionality.
Prerequisites
None.
Limitations and Known Issues
...
Parameter Name | Data Type | Description | Default Value | Example |
---|---|---|---|---|
Label | String | | ELT Filter | GRADE_RECORD |
ELT Filter | String | Required. The condition for the WHERE clause. You can also use Pipeline parameters in this field to bind values. However, you must be careful to avoid SQL injection. See Preventing SQL Injection for details. | N/A | GRADE = 1 GENDER = 'MALE' |
Get preview data | Check box | | Not selected | Selected |
Preventing SQL Injection
You can pass Pipeline parameters as values in an SQL expression; however, if you do not phrase the expression properly, the parameter's name can be bound as a value in the database. This insertion of potentially incorrect information into the database is known as SQL injection. You must therefore take precautions when including Pipeline parameters in your SQL expression. Based on the intended use of the Pipeline parameter, use one or both of the following methods to prevent accidental SQL injection:
Method-1: Simple Substitutions
You can reference the Pipeline parameter directly with a JSON-path without enabling expressions.
For example, if you want to use the Pipeline parameter, name, which contains the value of a column in the ELT Filter field:
```
colname = _name
```
Method-2: Dynamic Substitutions
You must enable expressions when using Pipeline parameters for dynamic substitutions. Format the SQL expression, except the Pipeline parameter's reference, as a string.
For example, if you want to use the Pipeline parameter, name, which contains the value of a column in the ELT Filter field:
```
_columnname + "= _name"
```
The Snap evaluates the expression and also carries out path substitutions.
Here is how it works
The Snap pre-processes the query to extract any JSON-Paths and converts them to bound parameters. For example, consider the following query:
```
_columnname + "= _name"
```
The Snap converts this query into the following before turning it into a prepared statement for the database:
```
colname = ?
```
The Snap evaluates the JSON-Path to get the value to bind the Pipeline parameter in the prepared statement.
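The pre-processing described above can be sketched as follows. This is an added example, not SnapLogic's code: it rewrites parameter references to `?`, binds their values, and runs the result so you can see a value containing SQL metacharacters treated as data. The token rule, the handling of the `\_` escape, the column allowlist, and the `students` table are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed token rule: "_identifier" not preceded by a word character or a
# backslash is a Pipeline parameter reference; "\_" is a literal underscore.
TOKEN = re.compile(r"\\_|(?<![\w\\])_([A-Za-z]\w*)")

def to_prepared(filter_expr, params):
    """Rewrite parameter references to '?' and collect their values in order."""
    binds = []
    def repl(match):
        if match.group(1) is None:            # matched the escape sequence "\_"
            return "_"
        binds.append(params[match.group(1)])  # KeyError if the parameter is undefined
        return "?"
    return TOKEN.sub(repl, filter_expr), binds

def dynamic_filter(params, allowed_columns):
    """Method-2 style: the column name is spliced as text, the value stays a reference."""
    column = params["columnname"]
    if column not in allowed_columns:         # identifiers cannot be bound, so allowlist them
        raise ValueError(f"unexpected column: {column!r}")
    return to_prepared(column + " = _name", params)

def run_filter(where_sql, binds):
    """Run the filter against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (colname TEXT, grade INTEGER)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("alice", 1), ("bob", 2), ("x' OR '1'='1", 3)])
    rows = db.execute(f"SELECT colname FROM students WHERE {where_sql}", binds)
    return [r[0] for r in rows]

if __name__ == "__main__":
    # Constructed Pipeline parameters; the second value contains SQL metacharacters.
    for value in ("alice", "x' OR '1'='1"):
        params = {"columnname": "colname", "name": value}
        sql, binds = dynamic_filter(params, {"colname", "grade"})
        print(sql, binds, run_filter(sql, binds))
```

Because the value travels as a bind, the second run returns only the single row whose `colname` literally equals the quoted string, not every row in the table.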
Note: When expressions are disabled, use \ as an escape character to treat underscore (_) as a string. For example:
Troubleshooting
None.
Downloads
...