Parameters in Rockset are a mechanism for securely passing variables into SQL Queries. Query Lambdas support receiving parameters at runtime and setting default values for parameters. This document explains how to use Parameters in Rockset SQL Queries and Query Lambdas.
Use parameters to safely specify literal values in your SQL at runtime. Parameters are automatically escaped and are thus safe from SQL injection attacks. Instead of inserting values into a SQL string manually (e.g., by string concatenation), you should use parameters.
The following data types are currently supported for parameters:
When creating and querying parameters, ensure that the value of your parameter is formatted correctly using the respective format above.
Navigate to the Query Editor in the Rockset Console.
Select the “Parameters” tab in the section below the query editor, and then click the “Add Parameter” button.
In the modal, name your parameter, select a type from the list of Supported Types, and provide a value for your parameter. Ensure that the value of your parameter is formatted correctly for the selected type.
Write a SQL query that uses your parameter. To use parameter foo in your SQL, you can insert the text :foo anywhere in the SQL query (e.g. SELECT :foo). Rockset will interpret this value as a literal of the type you specified, so you do not need to put quotes around it (with the exception of SQL keywords, which do need to be escaped).
Execute your new query.
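The difference between string concatenation and a bound :foo parameter, as an added example that is not part of the Rockset documentation. It uses Python's built-in sqlite3 module as a stand-in, because SQLite accepts the same :name placeholder syntax; the users table, its rows and the function names are constructed for illustration, and Rockset's own client calls are not shown.

```python
import sqlite3

# Constructed sample data; the table and column names are hypothetical.
ROWS = [("alice", "admin"), ("bob", "analyst"), ("O'Brien", "analyst")]


def make_db():
    """Build an in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, name):
    """Unsafe: the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Safe: :foo is bound as a literal; no quotes are written around it."""
    sql = "SELECT name FROM users WHERE name = :foo"
    return [row[0] for row in conn.execute(sql, {"foo": name})]


def demo():
    """Run both lookups on a hostile value and on a legitimate name with a quote."""
    conn = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that changes the WHERE clause
    results = {
        "concat_hostile": lookup_concatenated(conn, hostile),
        "param_hostile": lookup_parameterized(conn, hostile),
        "param_apostrophe": lookup_parameterized(conn, "O'Brien"),
    }
    try:
        # A legitimate value containing a quote breaks the concatenated SQL.
        lookup_concatenated(conn, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated lookup returns every row for the hostile value and fails outright on a name that contains an apostrophe, while the parameterized lookup treats both values as plain strings.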
Query Lambdas support saving default values for parameters. These default values are used when the Query Lambda is invoked at runtime, if an explicit value for that parameter is not passed. Default values are not required for parameters in Query Lambdas.
Follow the steps above to create and execute a parameterized query.
Click the “Create Query Lambda” button in the blue command bar above the query editor.