Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Timestream prepared queries

0

I am really puzzled by Timestream PrepareQuery. You can make this call and it will validate it but not store it. But then I don't see how you would use that.

I'm using, specifically, the typescript api

I was interested in this mainly from the perspective of SQL-safe parameter substitution. It's discouraged to build query strings with just a plain string concat, it gives you exposure to injection attacks. So having some kind of sql safe parameter substitution is pretty important.

Am I missing something?

Temas
Base de datos
Etiquetas
Amazon Timestream
Idioma
English
profile picture
wz2b
preguntada hace 10 meses411 visualizaciones
1 Respuesta
0
Respuesta aceptada

Amazon Timestream does not support parameterized queries natively, and the PrepareQuery API method is meant for query validation and not for storing or using prepared statements. You can use the following as a workaround and sanitize your inputs

import { escape } from 'mysql';

let userId = getUserInput();
let query = `SELECT * FROM users WHERE id = ${escape(userId)}`;
profile picture
EXPERTO
Sedat Salman
respondido hace 10 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante