We want to execute a parameterized query in Athena using the JavaScript SDK by AWS.
Seems Athena's named query may be the way to do it, but the documentation seems very cryptic to understand how to go about doing this.
It would be great if someone can help us do the following:
SELECT c FROM Country c WHERE c.name = :name
name
parameter's value

Named queries are basically just a key/value store within Athena.
Open the Amazon Athena console at https://console.aws.amazon.com/athena/ . In the left navigation pane, choose Workflows. In the Execute multiple queries tile, choose Get started. In the Get started dialog box, choose Deploy a sample project, and then choose Continue.
Edit: this answer was written before Athena supported prepared statements.
Named queries is a weird feature of Athena that is not really useful for anything, unfortunately.
Athena does not support prepared statements like many RDBMSs. There are SQL libraries with support for doing parameter expansion client side – Sequel for Ruby is one I have experience with, unfortunately I can't give you a suggestion for JavaScript.
Escaping in Athena's SQL dialect isn't very complicated, however. In identifiers double quotes need to be escaped as two double quotes and in literal strings single quotes need to be escaped as single quotes. Other datatypes just need to be clean, e.g. only digits for integers.
Also, keep in mind that in Athena, the dangers of SQL injection are different than in an RDBMS: Athena can't delete your data. If you set up your IAM permissions correctly the user can't even drop tables, and even if you for some reason run queries with a user that is allowed to drop tables, tables are just metadata and can easily be set up again.
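The client-side parameter expansion described in the answer above, applied to the question's `:name` query, as an added example that is not part of the original posts. String literals have embedded single quotes doubled (the standard SQL rule Athena's engine follows), identifiers have double quotes doubled, and numbers must be integers. The function names are hypothetical and the query template is assumed to be developer-authored.

```javascript
// Added example: client-side named-parameter expansion for Athena SQL.
// All function names are hypothetical; only parameter values are untrusted.

// String literal: wrap in single quotes, double any embedded single quote.
function quoteString(value) {
  return "'" + value.replace(/'/g, "''") + "'";
}

// Identifier (table/column name): wrap in double quotes, double embedded ones.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || name.length === 0) {
    throw new TypeError('identifier must be a non-empty string');
  }
  return '"' + name.replace(/"/g, '""') + '"';
}

// Render one JavaScript value as a literal, rejecting anything ambiguous.
function toLiteral(value) {
  if (typeof value === 'string') return quoteString(value);
  if (typeof value === 'number') {
    if (!Number.isSafeInteger(value)) throw new TypeError('only safe integers are accepted');
    return String(value);
  }
  if (typeof value === 'boolean') return value ? 'TRUE' : 'FALSE';
  throw new TypeError('unsupported parameter type: ' + typeof value);
}

// Matches quoted literals/identifiers (left untouched) or a :name placeholder.
const TOKEN = /'(?:[^']|'')*'|"(?:[^"]|"")*"|:([A-Za-z_][A-Za-z0-9_]*)/g;

function expandNamedParams(template, params) {
  return template.replace(TOKEN, (match, name) => {
    if (name === undefined) return match; // quoted text already in the template
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      throw new Error('missing parameter: ' + name);
    }
    return toLiteral(params[name]);
  });
}

// Constructed input: the question's query with a hostile value for :name.
const sql = expandNamedParams(
  'SELECT c FROM Country c WHERE c.name = :name',
  { name: "x' OR '1'='1" }
);
console.log(sql); // the whole value stays inside one string literal
```

The resulting string is what would be passed as the query text when starting the Athena query execution.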