I'm writing some Google BigQuery dynamic reporting utilities for our website that will allow users to select a parameter to be replaced in the query. Given this query "template":
SELECT name ,
birthday
FROM [dataset.users]
WHERE registration_date = '{{registration_date}}'
we take the {{registration_date}} value from the user and replace it in the template, resulting in a query:
SELECT name ,
birthday
FROM [dataset.users]
WHERE registration_date = '2013-11-11'
How can I prevent SQL-injection-like attacks in this scenario, given that I'm executing the queries using the Google BigQuery client API, and the API doesn't allow one to use positional parameters as on traditional RDBMS APIs?
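An added example, not part of the question: when the value has to be spliced into the query text, the defensive option is to let only a strictly typed, canonically re-serialized value through, so a payload such as `2013-11-11' OR '1'='1` is rejected before any string substitution happens. The template, placeholder syntax and validator names below are constructed to match the question; they are not BigQuery client code.

```python
import re
from datetime import date

# Constructed template, mirroring the one in the question.
TEMPLATE = (
    "SELECT name, birthday\n"
    "FROM [dataset.users]\n"
    "WHERE registration_date = '{{registration_date}}'"
)

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")


def as_date(raw: str) -> str:
    """Accept only a strict YYYY-MM-DD date and return it re-serialized."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", raw):
        raise ValueError(f"not a YYYY-MM-DD date: {raw!r}")
    # fromisoformat also rejects impossible dates such as 2013-02-30.
    return date.fromisoformat(raw).isoformat()


def as_int(raw: str) -> str:
    """Accept only a plain integer literal and return its canonical form."""
    if not re.fullmatch(r"-?\d{1,18}", raw):
        raise ValueError(f"not an integer: {raw!r}")
    return str(int(raw))


# Allow-list: every placeholder must map to a validator for its expected type.
VALIDATORS = {"registration_date": as_date, "min_age": as_int}


def render(template: str, params: dict, validators=VALIDATORS) -> str:
    """Replace {{name}} placeholders with validated, canonical values only."""
    def substitute(match):
        name = match.group(1)
        if name not in validators:
            raise KeyError(f"placeholder {name!r} has no validator")
        if name not in params:
            raise KeyError(f"missing value for {name!r}")
        return validators[name](params[name])
    return PLACEHOLDER.sub(substitute, template)


def is_valid(name: str, raw: str, validators=VALIDATORS) -> bool:
    """True if raw would be accepted for placeholder name, else False."""
    try:
        validators[name](raw)
        return True
    except (KeyError, ValueError):
        return False
```

Because the validator re-serializes the parsed value rather than echoing the input, no quote, comment marker or whitespace from the user ever reaches the query string.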