Events
Mar 17, 9 PM - Mar 21, 10 AM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowParameterized queries in Azure Cosmos DB for NoSQL
APPLIES TO: 
NoSQL
Azure Cosmos DB for NoSQL supports queries with parameters expressed by the familiar @ notation. Parameterized SQL provides robust handling and escaping of user input, and prevents accidental exposure of data through SQL injection.
For example, you can write a query that takes upperPriceLimit as a parameter, and execute it for various values of price based on user input.
NoSQL
SELECT
*
FROM
p
WHERE
(NOT p.onSale) AND
(p.price BETWEEN 0 AND @upperPriceLimit)
You can then send this request to Azure Cosmos DB for NoSQL as a parameterized JSON query object.
JSON
{
"query": "SELECT * FROM p WHERE (NOT p.onSale) AND (p.price BETWEEN 0 AND @upperPriceLimit)",
"parameters": [
{
"name": "@upperPriceLimit",
"value": 100
}
]
}
This next example sets the TOP argument with a parameterized query:
NoSQL
{
"query": "SELECT TOP @pageSize * FROM products",
"parameters": [
{
"name": "@pageSize",
"value": 10
}
]
}
Parameter values can be any valid JSON: strings, numbers, booleans, null, even arrays or nested JSON. Since Azure Cosmos DB for NoSQL is schemaless, parameters aren't validated against any type.
Here are examples for parameterized queries in each Azure Cosmos DB for NoSQL SDK:
Additional resources
Training
Module
Query the Azure Cosmos DB for NoSQL - Training
Author queries for Azure Cosmos DB for NoSQL using the SQL query language.
Certification
Microsoft Certified: Azure Cosmos DB Developer Specialty - Certifications
Write efficient queries, create indexing policies, manage, and provision resources in the SQL API and SDK with Microsoft Azure Cosmos DB.