Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Timestream prepared queries

0

I am really puzzled by Timestream PrepareQuery. You can make this call and it will validate it but not store it. But then I don't see how you would use that.

I'm using, specifically, the typescript api

I was interested in this mainly from the perspective of SQL-safe parameter substitution. It's discouraged to build query strings with just a plain string concat, it gives you exposure to injection attacks. So having some kind of sql safe parameter substitution is pretty important.

Am I missing something?

Topics
Database
Tags
Amazon Timestream
Language
English
asked 3 years ago900 views
1 Answer
0
Accepted Answer

Amazon Timestream does not support parameterized queries natively, and the PrepareQuery API method is meant for query validation and not for storing or using prepared statements. You can use the following as a workaround and sanitize your inputs

import { escape } from 'mysql';

let userId = getUserInput();
let query = `SELECT * FROM users WHERE id = ${escape(userId)}`;
EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content