SQL parameterization support

The REST SQL execution API doesn’t appear to support parameterization of the SQL. This may be a security vulnerability, as it allows for SQL injection attacks. Are there any plans to support parameterization of SQL?

Hey @swarren, this is on our radar, thanks for the +1. We’ll reach out once we have more info around timing.


Hi,
Does Dremio support parameterized SQL queries, to avoid basic SQL injection vulnerabilities?

Best regards,
Preeti

Does the SQL API still not support sending parameterized SQL queries? The last post on this topic is over 3 years old.

I want to send an API request from an application with the following SQL query -
select * from table1 where column1 == parameter from the application

@jeeshandas This feature is still in the 6th month roadmap but there is no exact ETA
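
While the API takes only a finished SQL string, the calling application has to encode each value as a SQL literal itself before sending the query from the thread. The sketch below is an added example, not code from this thread or from Dremio: `sql_literal`, `bind` and `request_body` are hypothetical helpers, the `{"sql": ...}` JSON body shape is an assumption, and it assumes the engine uses standard SQL string literals in which a doubled single quote is the only escape.

```python
import json
import math

# Constant, developer-authored template; assumed to contain no literal '?'.
TEMPLATE = "SELECT * FROM table1 WHERE column1 = ?"

def sql_literal(value):
    """Render one Python value as a SQL literal; refuse anything unexpected."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # test before int: bool is a subclass of int
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):
            raise ValueError("NaN/Infinity has no literal form")
        return repr(value)
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL character in string value")
        # Assumption: standard SQL strings, where '' is the only escape.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported parameter type: " + type(value).__name__)

def bind(template, params):
    """Substitute each '?' in a constant template with an encoded literal."""
    parts = template.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder count does not match parameter count")
    out = [parts[0]]
    for value, tail in zip(params, parts[1:]):
        out.append(sql_literal(value))
        out.append(tail)
    return "".join(out)

def request_body(template, params):
    """JSON body for the SQL endpoint (field name 'sql' is an assumption)."""
    return json.dumps({"sql": bind(template, params)})

if __name__ == "__main__":
    value = "x' OR '1'='1"  # constructed input containing quote characters
    # Plain concatenation lets the value close the literal and add a predicate.
    print("concatenated:", "SELECT * FROM table1 WHERE column1 = '" + value + "'")
    # Encoded, the whole value stays inside one string literal.
    print("encoded:     ", bind(TEMPLATE, [value]))
    print("body:        ", request_body(TEMPLATE, [value]))
```

Table and column names cannot be encoded this way; choose them from a fixed allow-list in the application instead.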