java - How to prevent query injection on Google Big Query

Question

Welcome To Ask or Share your Answers For Others

java - How to prevent query injection on Google Big Query

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

I'm writing some Google Big-query dynamic reporting utilities to our website, that will allow users to select a parameter to be replaced in the query. Given this query "template":

SELECT  name ,
        birthday
FROM    [dataset.users]
WHERE   registration_date = '{{registration_date}}'

we take the {{registration_date}} value from the user and replace it in the template, resulting in a query:

SELECT  name ,
        birthday
FROM    [dataset.users]
WHERE   registration_date = '2013-11-11'

How I can prevent sql-injection like attacks in this scenario, given that I'm executing the queries using the Google Big-query client API, and the API don't allow one to use positioned parameters as on traditional RDBMS apis.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

301 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T20:00:56+0000

answered Oct 24, 2021 by 深蓝 (71.8m points)

Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

Categories

java - How to prevent query injection on Google Big Query

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags