20 August 2018 · Bozhack-miller

How to run parameterized queries on BigQuery

BigQuery supports query parameters to help prevent SQL injection when queries are constructed using user input. This feature is only available with standard SQL syntax. Query parameters can be used as substitutes for arbitrary expressions. They cannot be used as substitutes for identifiers, column names, table names, or other parts of the query.

For example:

-- @val is supplied with the query job as a STRING parameter with the value '123'
SELECT *
FROM `project_id.my_dataset.my_table`
WHERE name = @val

You can run a parameterized query like the one above only through the API or with the bq utility. You cannot run it from the web UI.
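As an added example (not code from the original post), this Python code builds the request body for the BigQuery REST `jobs.query` method with the named parameter `@val`, and handles the table name through an allowlist because parameters cannot replace identifiers. The `TABLES` mapping, the `people` key and the helper names are assumptions; the authenticated API call that sends the body is not shown.

```python
import json

# Constructed allowlist (assumption): caller-facing key -> fixed table path.
# Parameters cannot replace identifiers, so table choice is never free text.
TABLES = {"people": "`project_id.my_dataset.my_table`"}


def to_param(name, value):
    """Encode one named parameter in the jobs.query REST shape."""
    if isinstance(value, bool):  # check bool first: bool subclasses int
        bq_type, text = "BOOL", str(value).lower()
    elif isinstance(value, int):
        bq_type, text = "INT64", str(value)
    elif isinstance(value, float):
        bq_type, text = "FLOAT64", repr(value)
    elif isinstance(value, str):
        bq_type, text = "STRING", value
    else:
        raise TypeError(f"unsupported parameter type: {type(value).__name__}")
    return {
        "name": name,
        "parameterType": {"type": bq_type},
        "parameterValue": {"value": text},
    }


def build_query_request(table_key, name_value):
    """Return a jobs.query body; the user value travels outside the SQL text."""
    if table_key not in TABLES:
        raise ValueError(f"table not allowlisted: {table_key!r}")
    return {
        "query": f"SELECT * FROM {TABLES[table_key]} WHERE name = @val",
        "useLegacySql": False,  # parameters require standard SQL
        "parameterMode": "NAMED",
        "queryParameters": [to_param("val", name_value)],
    }


if __name__ == "__main__":
    # Constructed inputs: an ordinary value and a quote-laden one.
    for value in ("123", "x' OR '1'='1"):
        print(json.dumps(build_query_request("people", value), indent=2))
```

Both constructed inputs produce the same `query` string; only the `parameterValue` differs, so the quote characters are never parsed as SQL.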
