Database: should we indicate that query text was sanitized?

[lmolkova]

From June 5 SIG call: Is there any way to determine whether a query has been sanitized? ? is a common placeholder for query parameters.

An explicit flag that a query was sanitized could work, with the benefit of not require any string parsing to determine if the query was originally parameterized or not.

That's a good point, however I'm not sure if this is important enough to address it at this point. We can always add an additional attribute to store if the query was sanitized or not as an incremental change.

There is the db.query.parameter.<key> to store parameters - so if the query is parametrized, then that attributes is used - however that attribute is opt-in, so admittedly that'll not help in a default setup.

I personally would wait for user feedback on this and if needed, then I'd add the additional flag on-demand if we really see the need for it.

Originally posted by @gregkalapos in #1100 (comment)

[trask]

Moving to post-stability since this can be added as span attribute later, and won't be a metric attribute anyways (at least not be default) since db.query.text isn't a metric attribute either.