20 Aug 18 · Bozhack-miller · #bigquery

How to run parameterized queries on BigQuery

BigQuery supports query parameters to help prevent SQL injection when queries are constructed using user input. This feature is only available with standard SQL syntax. (Query parameters can be used as substitutes for arbitrary expressions. Parameters cannot be used as substitutes for identifiers, column names, table names, or other parts of the query.)

For example, with @val supplied as a STRING parameter whose value is '123':

    SELECT *
    FROM `project_id.my_dataset.my_table`
    WHERE name = @val

You can run a parameterized query like the one above only through the API or with the bq utility. You CANNOT run it from the Web UI.
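
As an added example (not part of the original post), the following Python builds the request body that the BigQuery REST API's jobs.query method accepts for the query above, next to the string-concatenation anti-pattern it replaces. The helper names, the table allowlist and the sample input are assumptions made for the illustration; because identifiers cannot be parameters, the table name is picked from a fixed allowlist rather than taken from user input.

```python
import json

# Identifiers cannot be query parameters, so table names come from a fixed
# allowlist (constructed for this example), never from user input.
ALLOWED_TABLES = {"my_table": "`project_id.my_dataset.my_table`"}


def concatenated_query(name):
    """Anti-pattern: user input is spliced directly into the SQL text."""
    return ("SELECT * FROM `project_id.my_dataset.my_table` "
            "WHERE name = '" + name + "'")


def build_query_request(table_key, name):
    """Build a jobs.query request body using a named STRING parameter."""
    if table_key not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table_key)
    return {
        # The SQL text is constant; only the parameter value varies.
        "query": "SELECT * FROM %s WHERE name = @val" % ALLOWED_TABLES[table_key],
        "useLegacySql": False,  # parameters require standard SQL
        "parameterMode": "NAMED",
        "queryParameters": [{
            "name": "val",
            "parameterType": {"type": "STRING"},
            "parameterValue": {"value": name},
        }],
    }


if __name__ == "__main__":
    hostile = "x' OR '1'='1"  # constructed input
    # Concatenation: the input becomes part of the SQL and changes its logic.
    print(concatenated_query(hostile))
    # Parameterized: the input travels as data, the SQL text is unchanged.
    print(json.dumps(build_query_request("my_table", hostile), indent=2))
```

The resulting dictionary is the JSON body to send to jobs.query with an authenticated client; the input never becomes part of the SQL string.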

