agensgraph icon indicating copy to clipboard operation
agensgraph copied to clipboard

Published 20 hours ago verified publisher icon bitnine-oss

Using parameterized queries with Agens Graph

Open mihaj opened this issue 1 year ago • 1 comments

I am trying to parameterize Cypher queries in AgensGraph.

I know that Cypher supports some parametrization of parameters, but not sure if this is intended in AgensGraph. For example, I have this code:

            if (_npgsqlConnection.State != ConnectionState.Open) await _npgsqlConnection.OpenAsync();
            await using (var command = new NpgsqlCommand())
            {
                command.Connection = _npgsqlConnection;
                command.CommandText = @"CREATE GRAPH IF NOT EXISTS $graphName;";
                command.Parameters.AddWithValue("graphName", _graphName);
                command.UnknownResultTypeList = new[] { false, true };
                command.AllResultTypesAreUnknown = true;
                await command.ExecuteNonQueryAsync();
            }

I also tried command.CommandText = @"CREATE GRAPH IF NOT EXISTS @graphName;";

And I get back the

  Exception data:
    Severity: ERROR
    SqlState: 42601
    MessageText: syntax error at or near "$1"
    Position: 18
    File: scan.l
    Line: 1201
    Routine: scanner_yyerror

Is this even possible with Cypher and NpgsqlCommand?

mihaj avatar Apr 04 '23 10:04 mihaj

This is a PostgreSQL limitation. You couldn't use prepared statements with CREATE TABLE, for example.

In my opinion, your best bet here is probably to just validate the graphName with a strict whitelist regular expression (e.g., "^[a-zA-Z_]+$"), then build the CREATE GRAPH string with it.

samoscyberallenh avatar Apr 23 '23 22:04 samoscyberallenh