Is there any way for me to use parametrized insert queries in my python Influx client, instead of just sending the dictionary as is?
Thank you,
Tsachi
@tsachi Can you share an example of what you are currently doing and what you would like to do? It is hard to understand without some code!
Of ocurse.
I am currently doing:
insert_dict = {
'measurement': 'my_measurement',
'tags': {
'tag_1': 'val_1',... 'tag_n': 'val_n'
},
'field': {
'field_1': 'value_1',... 'field_m': 'value_m'
},
'time': 'some_date'
}
I would like to make sure that this is safe from ‘sql-injection’ type of attacks.
When I use an SQL adapter, I get it by using parameterized query, so that
select item_1,... item_k from some_table where item_j = 'filter' query turns into:
select item_1,... item_k from some_table where item_j = '%s' , and then my adpter gets the query_string + parameters, and keeps them safe from SQL injections.
@tsachi I don’t think that option is currently available. You could run a validator on a line protocol string representation of the dictionary before giving it to the client for writing. Would that work for your usecase?
Sure that could work. I just wondered if there is anything built in / planned in the near future.
Thanks!
@tsachi We don’t have anything like that on the roadmap. If you wanted to open a PR over on influxdb-python we would be happy to merge it!
