Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Timestream prepared queries

0

I am really puzzled by Timestream PrepareQuery. You can make this call and it will validate it but not store it. But then I don't see how you would use that.

I'm using, specifically, the typescript api

I was interested in this mainly from the perspective of SQL-safe parameter substitution. It's discouraged to build query strings with just a plain string concat, it gives you exposure to injection attacks. So having some kind of sql safe parameter substitution is pretty important.

Am I missing something?

Themen
Datenbank
Tags
Amazon Timestream
Sprache
English
profile picture
wz2b
gefragt vor 9 Monaten408 Aufrufe
1 Antwort
0
Akzeptierte Antwort

Amazon Timestream does not support parameterized queries natively, and the PrepareQuery API method is meant for query validation and not for storing or using prepared statements. You can use the following as a workaround and sanitize your inputs

import { escape } from 'mysql';

let userId = getUserInput();
let query = `SELECT * FROM users WHERE id = ${escape(userId)}`;
profile picture
EXPERTE
Sedat Salman
beantwortet vor 9 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt