Hello!
So i’m using this SELECT META().id, file FROM bucket WHERE file IS NOT MISSING AND META().id LIKE 'file_(i need a parameter here)% query to grab files from my database, and i was wondering how i’d put a parameter in there without it becoming vulnerable. I’m unable to find the n1qlquery class/function the docs speak about, and using parameters ($1) and then writing the variable i need to throw in there doesn’t seem to have any effect either.
SELECT META().id, file
FROM `bucket`
WHERE file IS NOT MISSING
AND META().id LIKE "file_" || $name || "%";
You need to pass $1. If you did not pass $name, it returns error. $name must be string get results due to concat.
Any other values will get 0 results because concat on non-string will result in NULL or MISSING
so when i write that in my Query, would i just add , (variable) to pass it in?
During execution you need pass $name as named parameter. Check named/positional parameters in documentation
https://docs.couchbase.com/sdk-api/couchbase-python-client-2.4.1/api/n1ql.html
1 Like
Oh so passing in name=(variable) is the fix, thanks vsr1
1 Like