metabase.query-processor.middleware.splice-params-in-response
splice-params-in-responseclj
(splice-params-in-response qp)Middleware that manipulates query response. Splice prepared statement (or equivalent) parameters directly into the
native query returned as part of successful query results. (This :native_form is ultimately what powers the
'Convert this Question to SQL' feature in the Query Processor.) E.g.:
{:data {:native_form {:query "SELECT * FROM birds WHERE name = ?", :params ["Reggae"]}}}
-> splice params in response ->
{:data {:native_form {:query "SELECT * FROM birds WHERE name = 'Reggae'"}}}
Note that this step happens after a query is executed; we do not want to execute the query with literals spliced in, so as to avoid SQL injection attacks.
This feature is ultimately powered by the metabase.driver/splice-parameters-into-native-query method. For native
queries without :params (which will be all of them for drivers that don't support the equivalent of prepared
statement parameters, like Druid), this middleware does nothing.
!!! IMPORTANT NOTE !!!
This middleware
Middleware that manipulates query response. Splice prepared statement (or equivalent) parameters directly into the
native query returned as part of successful query results. (This `:native_form` is ultimately what powers the
'Convert this Question to SQL' feature in the Query Processor.) E.g.:
{:data {:native_form {:query "SELECT * FROM birds WHERE name = ?", :params ["Reggae"]}}}
-> splice params in response ->
{:data {:native_form {:query "SELECT * FROM birds WHERE name = 'Reggae'"}}}
Note that this step happens *after* a query is executed; we do not want to execute the query with literals spliced
in, so as to avoid SQL injection attacks.
This feature is ultimately powered by the `metabase.driver/splice-parameters-into-native-query` method. For native
queries without `:params` (which will be all of them for drivers that don't support the equivalent of prepared
statement parameters, like Druid), this middleware does nothing.
!!! IMPORTANT NOTE !!!
This middleware cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close