向查询传递参数
例如，在查询条件（WHERE）或 HAVING 子句中使用值，可以通过将值直接写入查询字符串本身来实现。
# Inline form: the filter values (300, 'Frank Herbert', 0) are part of the query text itself.
sql = "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0"
resp = client.sql.query(format="txt", query=sql)
print(resp)
# Inline form: the filter values (300, 'Frank Herbert', 0) are part of the query text itself.
sql = "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0"
response = client.sql.query(format: 'txt', body: { query: sql })
puts response
// Inline form: the filter values (300, 'Frank Herbert', 0) are part of the query text itself.
const query =
  "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0";
const response = await client.sql.query({ format: "txt", query });
console.log(response);
POST /_sql?format=txt { "query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0" }
或者，也可以将值提取到一个单独的参数列表中，并在查询字符串中使用问号占位符（?）。
# Parameterized form: each `?` in the query is filled from `params` in order
# (300 -> page_count, "Frank Herbert" -> author, 0 -> COUNT(*)); the values are
# sent alongside the query rather than spliced into its text.
sql = "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?"
params = [300, "Frank Herbert", 0]
resp = client.sql.query(format="txt", query=sql, params=params)
print(resp)
# Parameterized form: each `?` in the query is filled from `params` in order
# (300 -> page_count, 'Frank Herbert' -> author, 0 -> COUNT(*)); the values are
# sent alongside the query rather than spliced into its text.
sql = 'SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?'
params = [300, 'Frank Herbert', 0]
response = client.sql.query(format: 'txt', body: { query: sql, params: params })
puts response
// Parameterized form: each `?` in the query is filled from `params` in order
// (300 -> page_count, "Frank Herbert" -> author, 0 -> COUNT(*)); the values are
// sent alongside the query rather than spliced into its text.
const query =
  "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?";
const params = [300, "Frank Herbert", 0];
const response = await client.sql.query({ format: "txt", query, params });
console.log(response);
POST /_sql?format=txt { "query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?", "params": [300, "Frank Herbert", 0] }
推荐使用问号占位符向查询传递值：值通过单独的参数列表传递，而不是拼接进查询字符串，因此不会被当作 SQL 语句的一部分，从而避免 SQL 注入攻击。