英文:
Use user id in bigquery SQL query that is passed into the function via an argument
问题
我正在尝试从BigQuery获取给定用户的最后同步数据
查询由以下内容组成:
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + user.id + '_facebook_pages'
"""
下面是这个函数:
def facebook_last_pulled(user):
# 我曾尝试在下面的代码行上使用这段代码,并将user.id替换为current_user_id,以确保ID也以字符串形式存在,并在查询中对用户ID使用CAST方法
#current_user_id = str(user.id)
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + user.id + '_facebook_pages'
"""
print(user.id)
last_pulled_data = google_big_query(mc_query)
当我打印user.id时,我得到了我正在寻找的用户ID,但当我将其放入查询中时,我得到了GenericGBQException,原因:400 Unrecognized name: user at [4:45]。所以从看起来user没有被识别为mc_query变量的一部分,有人知道为什么我没有在那里获取user或解决这个问题的方法吗?
我尝试过为user.id设置一个变量,并在查询中使用该变量,以及使用CAST方法在查询中将其更改为字符串。
我正在尝试获取该用户行的fivetran_synced信息。
英文:
I'm trying to get the last synced data from bigquery for the given user
The query consists of this:
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + user.id + '_facebook_pages'
"""
This is the function below:
def facebook_last_pulled(user):
# i've tried this code on the line below and replaced user.id with current_user_id in order to make sure the id is in the form of a string as well as using the CAST method on user id in the query
#current_user_id = str(user.id)
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + user.id + '_facebook_pages'
"""
print(user.id)
last_pulled_data = google_big_query(mc_query)
Where I print user.id I get the user id I'm looking for but when I put it into the query I get GenericGBQException, Reason: 400 Unrecognized name: user at [4:45]. So from the seems of it user isn't getting picked up in the variable mc_query, anyone know the reason I'm not getting user in there or a way to solve this?
I've tried setting a variable for user.id and using the variable instead of user.id as well as the CAST method in order to change it to a string inside the query.
I'm trying to get the fivetran_synced info from that user's row
答案1
得分: 2
尝试使用f-string,像这样(注意查询之前的f):
def facebook_last_pulled(user):
mc_query = f"""
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + {user.id} + '_facebook_pages'
"""
last_pulled_data = google_big_query(mc_query)
请注意,这种方法可能容易受到SQL注入攻击。因此,建议使用以下实现方式:
def facebook_last_pulled(user):
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + ? + '_facebook_pages'
"""
last_pulled_data = google_big_query(mc_query, user.id)
但是这种方式可能不起作用(我从未使用过google_big_query函数,也不知道它来自何处)。但是类似的实现方式适用于MySQL或SQLite,所以可能会起作用。在这种情况下,它会将所有问号替换为传递给执行查询函数的参数。
尽管这种方式可能不起作用,但它可能会指导你朝正确的方向前进。
(第一种不安全的SQL实现方式应该可以正常工作,所以如果潜在的恶意用户无法调用此函数,那么它可能是可以接受的。)
英文:
Try using an f-string, like this (note the leading f before the query):
def facebook_last_pulled(user):
mc_query = f"""
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + {user.id} + '_facebook_pages'
"""
last_pulled_data = google_big_query(mc_query)
Notice however that this may be prone to SQL injection. Instead, it may be recommended to use this implementation
def facebook_last_pulled(user):
mc_query = """
SELECT _fivetran_synced, connector_name
FROM `database....`
WHERE connector_name = 'pm_' + ? + '_facebook_pages'
"""
last_pulled_data = google_big_query(mc_query, user.id)
However this may not work (I have never used the function google_big_query and I don't know where it comes from). But a similar implementation works with MySQL or SQLite so it might work. It would in such a case fill in all question marks with the arguments passed to the executing query function.
Although this may not work, it may nudge you in the correct direction.
(The first implementation that is SQL unsafe should work though, so if potentially malicious end users don't have access to calling this function, it may be acceptable.)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论