You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the only option exposed to users when calling Query() is whether to use StandardSQL or LegacySQL syntax.
This leaves out some important options, the most urgent seems to be QueryParameter. This allows you to safely inject values into a query without opening yourself to a SQL injection attack.
Adding would be simple, a new value could be added to the QueryOptions struct. It could either be the slice []bigquery.QueryParameter exposed in the underlying library's config options, or a custom struct that can be converted.
What would you like to happen?
Currently, the only option exposed to users when calling Query() is whether to use StandardSQL or LegacySQL syntax.
This leaves out some important options, the most urgent seems to be QueryParameter. This allows you to safely inject values into a query without opening yourself to a SQL injection attack.
Adding would be simple, a new value could be added to the QueryOptions struct. It could either be the slice
[]bigquery.QueryParameter
exposed in the underlying library's config options, or a custom struct that can be converted.Once added to
QueryOptions
, it would need to be used within the Query itself which can be done in the same manner of the existing LegacySQL optionAnother option that would be nice to be able to set is dataset id.
I'm willing to submit a PR if its something that sounds helpful.
Issue Priority
Priority: 2 (default / most feature requests should be filed as P2)
Issue Components
The text was updated successfully, but these errors were encountered: