Using parameterized queries in Python Influx client

Is there any way for me to use parametrized insert queries in my python Influx client, instead of just sending the dictionary as is?

Thank you,
Tsachi

@tsachi Can you share an example of what you are currently doing and what you would like to do? It is hard to understand without some code!

Of ocurse.
I am currently doing:

insert_dict = {
  'measurement': 'my_measurement',
  'tags': {
     'tag_1': 'val_1',... 'tag_n': 'val_n'
  },
  'field': {
     'field_1': 'value_1',... 'field_m': 'value_m'
  },
  'time': 'some_date'
}

I would like to make sure that this is safe from ‘sql-injection’ type of attacks.

When I use an SQL adapter, I get it by using parameterized query, so that
select item_1,... item_k from some_table where item_j = 'filter' query turns into:
select item_1,... item_k from some_table where item_j = '%s' , and then my adpter gets the query_string + parameters, and keeps them safe from SQL injections.

@tsachi I don’t think that option is currently available. You could run a validator on a line protocol string representation of the dictionary before giving it to the client for writing. Would that work for your usecase?

Sure that could work. I just wondered if there is anything built in / planned in the near future.

Thanks!

@tsachi We don’t have anything like that on the roadmap. If you wanted to open a PR over on influxdb-python we would be happy to merge it!