Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
329 views
in Technique[技术] by (71.8m points)

java - How to prevent query injection on Google Big Query

I'm writing some Google Big-query dynamic reporting utilities to our website, that will allow users to select a parameter to be replaced in the query. Given this query "template":

SELECT  name ,
        birthday
FROM    [dataset.users]
WHERE   registration_date = '{{registration_date}}'

we take the {{registration_date}} value from the user and replace it in the template, resulting in a query:

SELECT  name ,
        birthday
FROM    [dataset.users]
WHERE   registration_date = '2013-11-11'

How I can prevent sql-injection like attacks in this scenario, given that I'm executing the queries using the Google Big-query client API, and the API don't allow one to use positioned parameters as on traditional RDBMS apis.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...