influxdata/influxdb-php

Safe query parameters

Opened this issue · 2 comments

Hi there,

I've been looking around for a safe way to inject variables into queries using $database->query(...) but haven't come across anything (and looking through the code, it doesn't appear that this has been implemented). This is a little worrisome considering SQL injections can cause all sorts of nasty attacks and are very easily preventable.

Is there any way we could get something like the following in order to prevent injection attacks?

$database->query("SELECT * FROM measurement WHERE something=? AND other=?", [$something, $other]);

Let me know if I'm missing anything/this is already implemented and thanks a bunch for creating Influx!

Just adding my request to the list for this. Right now, I am having to hand-sanitize all user input, which feels like writing PHP in 2005. Would love to see support for bound parameters.

Here is an example:

require __DIR__ . '/vendor/autoload.php';

use InfluxDB\Client;
use InfluxDB\Database;
use InfluxDB\Point;

$client = new Client('127.0.0.1');

$database = $client->selectDB('stat');

$points = array(
    new Point(
        'test_metric', // name of the measurement
        0.64, // the measurement value
        ['host' => 'server01', 'region' => 'us-west'], // optional tags
        ['cpucount' => 10], // optional additional fields
        1435255849 // Time precision has to be set to seconds!
    ),
    new Point(
        'test_metric', // name of the measurement
        0.84, // the measurement value
        ['host' => 'server02', 'region' => 'us-west'], // optional tags
        ['cpucount' => 10], // optional additional fields
        1435255849 // Time precision has to be set to seconds!
    )
);

// we are writing unix timestamps, which have a second precision
$result = $database->writePoints($points, Database::PRECISION_SECONDS);

// Bound parameter: $host is an InfluxQL placeholder, not a PHP variable, so the
// query text must be a single-quoted PHP string (double quotes would interpolate
// it). The value is sent separately as the JSON "params" request argument, which
// influxdb-php passes through to the /query endpoint, and is never spliced into
// the query string.
$result = $database->query(
    // 'select * from test_metric where host = $host LIMIT 5', // unquoted identifier also works
    'select * from test_metric where "host" = $host LIMIT 5',
    [
        'params' => json_encode([
            'host' => 'server02'
        ]),
    ]
)->getPoints();

var_dump($result);
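To make the difference concrete, here is an added example that is not part of the influxdb-php project or of this thread. It assumes the `stat` database and `test_metric` points written above, an InfluxDB 1.x server on 127.0.0.1, and a hypothetical allowlist constant `ALLOWED_MEASUREMENTS`; the malicious `$userHost` value is constructed for the demonstration. It puts the interpolated query beside the bound one, and adds an allowlist for the measurement name, because InfluxDB's bind parameters substitute values in the WHERE clause and cannot stand in for identifiers.

```php
<?php
// Added example, not influxdb-php project code and not from the issue thread.
// Assumptions: influxdb-php installed via Composer, InfluxDB 1.x on 127.0.0.1
// with database "stat" containing test_metric, PHP 7.1+.
require __DIR__ . '/vendor/autoload.php';

use InfluxDB\Client;
use InfluxDB\Database;

// Constructed malicious "host" value: closes the string literal and ORs in a
// condition that matches every host.
$userHost = "server02' OR \"host\" != '";

// Hypothetical allowlist. Measurement names are identifiers; bind parameters
// cover WHERE-clause values only, so identifiers must be checked against a
// fixed list instead of being bound.
const ALLOWED_MEASUREMENTS = ['test_metric', 'cpu_load'];

// VULNERABLE: splices user input into the InfluxQL text. With $userHost above
// the query sent to the server becomes
//   select * from test_metric where "host" = 'server02' OR "host" != '' LIMIT 5
// and the host filter is bypassed.
function unsafeHostQuery(Database $db, string $userHost): array
{
    $q = 'select * from test_metric where "host" = \'' . $userHost . '\' LIMIT 5';
    return $db->query($q)->getPoints();
}

// HARDENED: the placeholder $host stays in the query text (single-quoted PHP
// string, so PHP does not interpolate it) and the value travels separately in
// the JSON "params" request argument that influxdb-php passes through to the
// /query endpoint. The payload is then compared as a literal tag value and
// matches no host.
function safeHostQuery(Database $db, string $measurement, string $userHost): array
{
    if (!in_array($measurement, ALLOWED_MEASUREMENTS, true)) {
        throw new InvalidArgumentException("measurement not allowed: $measurement");
    }
    // $measurement is allowlisted above, so quoting it as an identifier is safe;
    // only the value is bound.
    $q = 'select * from "' . $measurement . '" where "host" = $host LIMIT 5';
    return $db->query($q, [
        'params' => json_encode(['host' => $userHost]),
    ])->getPoints();
}

$db = (new Client('127.0.0.1'))->selectDB('stat');

// Interpolated query: the filter is defeated and rows for every host come back.
printf("unsafe: %d points\n", count(unsafeHostQuery($db, $userHost)));
// Bound query with the same payload: treated as a literal tag value, no match.
printf("safe:   %d points\n", count(safeHostQuery($db, 'test_metric', $userHost)));
// Bound query with a legitimate value: only server02's rows.
printf("safe:   %d points\n", count(safeHostQuery($db, 'test_metric', 'server02')));
```

The binding works because `Database::query($query, $params)` forwards `$params` as additional HTTP query arguments, so `params` reaches InfluxDB as its own request parameter rather than as part of `q`. Anything that has to appear in the query text itself (measurement, field or tag keys, retention policy) is an identifier and still needs an allowlist, as the `ALLOWED_MEASUREMENTS` check shows.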