SQL: add support for passing query parameters in REST API calls #51029
Conversation
|
Pinging @elastic/es-search (:Search/SQL) |
| -------------------------------------------------- | ||
| // TEST[setup:library] | ||
|
|
||
| or it can be done by extracting the values in a separate list of parameters and using question mark placeholders (`?`) in the query string: |
There was a problem hiding this comment.
I would add a statement to mention that this is the recommended way of passing parameters to avoid hacking or SQL injection (which does not apply to us but nevertheless).
| @@ -61,8 +61,8 @@ public SqlQueryRequest() { | |||
| } | |||
|
|
|||
| public SqlQueryRequest(String query, List<SqlTypedParamValue> params, QueryBuilder filter, ZoneId zoneId, | |||
| int fetchSize, TimeValue requestTimeout, TimeValue pageTimeout, Boolean columnar, | |||
| String cursor, RequestInfo requestInfo, boolean fieldMultiValueLeniency, boolean indexIncludeFrozen) { | |||
| int fetchSize, TimeValue requestTimeout, TimeValue pageTimeout, Boolean columnar, | |||
There was a problem hiding this comment.
I think this formatting change is wrong?
| return Objects.equals(value, that.value) && Objects.equals(type, that.type); | ||
| return Objects.equals(value, that.value) | ||
| && Objects.equals(type, that.type) | ||
| && Objects.equals(hasExplicitType, that.hasExplicitType); |
There was a problem hiding this comment.
tokenLocation shouldn't be part of equals and hashCode?
| parser.declareString((request, zoneId) -> request.zoneId(ZoneId.of(zoneId)), TIME_ZONE); | ||
| parser.declareInt(AbstractSqlQueryRequest::fetchSize, FETCH_SIZE); | ||
| parser.declareString((request, timeout) -> request.requestTimeout(TimeValue.parseTimeValue(timeout, Protocol.REQUEST_TIMEOUT, | ||
| "request_timeout")), REQUEST_TIMEOUT); | ||
| "request_timeout")), REQUEST_TIMEOUT); |
There was a problem hiding this comment.
was the extra space intended?
There was a problem hiding this comment.
Yes, to have a uniform formatting for the field parsers' declaration. See here the initial formatting.
| // we are at the start of a value/type pair... hopefully | ||
| SqlTypedParamValue s = SqlTypedParamValue.fromXContent(p); | ||
| /* | ||
| * Set the xcontentlocation for the first param just in case the first one doesn't meet the parsing rules |
There was a problem hiding this comment.
Was wondering if this was meant as ... for the first param that doesn't meet ..., since an object could occur at any point in the array.
There was a problem hiding this comment.
I rephrased this section for, hopefully, better clarity.
| if ((previousParam != null && previousParam.hasExplicitType() == false) || result.isEmpty()) { | ||
| s.tokenLocation(loc); | ||
| } | ||
| result.add(s); | ||
| previousParam = s; |
There was a problem hiding this comment.
This code executes in both if/else branches, it might be worth considering taking it out.
Another nit: a switch with all the top enums (object, string, number, bool, null) might also arguably simplify the code.
There was a problem hiding this comment.
I've extracted the common code, but I kept the if/else approach. I find it a bit more clear than a switch.
| @@ -75,11 +81,11 @@ public AbstractSqlQueryRequest(String query, List<SqlTypedParamValue> params, Qu | |||
| parser.declareString(AbstractSqlQueryRequest::query, QUERY); | |||
| parser.declareString((request, mode) -> request.mode(Mode.fromString(mode)), MODE); | |||
| parser.declareString((request, clientId) -> request.clientId(clientId), CLIENT_ID); | |||
| parser.declareObjectArray(AbstractSqlQueryRequest::params, (p, c) -> SqlTypedParamValue.fromXContent(p), PARAMS); | |||
| parser.declareField(AbstractSqlQueryRequest::params, p -> AbstractSqlQueryRequest.parseParams(p), PARAMS, ValueType.VALUE_ARRAY); | |||
There was a problem hiding this comment.
Could the second arg also be a method reference?
the equality between TokenLocations is based on instance and not inner values.
…tic#51029) * REST PreparedStatement-like query parameters are now supported in the form of an array of non-object, non-array values where ES SQL parser will try to infer the data type of the value being passed as parameter. (cherry picked from commit 45b8bf6)
…tic#51029) * REST PreparedStatement-like query parameters are now supported in the form of an array of non-object, non-array values where ES SQL parser will try to infer the data type of the value being passed as parameter.
Add support for PreparedStatement-like of passing values to a sql query.
The query string will use question mark placeholders (
?) for any values that will be passed in through a newparamsrequest parameter:Addresses #42916.