Parameterized queries in Azure Cosmos DB for NoSQL
APPLIES TO:
NoSQL
Azure Cosmos DB for NoSQL supports queries with parameters expressed by the familiar @ notation. Parameterized SQL provides robust handling and escaping of user input, and prevents accidental exposure of data through SQL injection.
Examples
For example, you can write a query that takes upperPriceLimit
as a parameter, and execute it for various values of price
based on user input.
SELECT
*
FROM
p
WHERE
(NOT p.onSale) AND
(p.price BETWEEN 0 AND @upperPriceLimit)
You can then send this request to Azure Cosmos DB for NoSQL as a parameterized JSON query object.
{
"query": "SELECT * FROM p WHERE (NOT p.onSale) AND (p.price BETWEEN 0 AND @upperPriceLimit)",
"parameters": [
{
"name": "@upperPriceLimit",
"value": 100
}
]
}
This next example sets the TOP
argument with a parameterized query:
{
"query": "SELECT TOP @pageSize * FROM products",
"parameters": [
{
"name": "@pageSize",
"value": 10
}
]
}
Parameter values can be any valid JSON: strings, numbers, booleans, null, even arrays or nested JSON. Since Azure Cosmos DB for NoSQL is schemaless, parameters aren't validated against any type.
Here are examples for parameterized queries in each Azure Cosmos DB for NoSQL SDK:
Related content
Aiseolas
https://aka.ms/ContentUserFeedback.
Ag teacht go luath: Le linn 2024 beimid ag cur deireadh de réir a chéile le fadhbanna GitHub mar mheicníocht aiseolais d’inneachar agus córas aiseolais nua a chur ina áit. Chun tuilleadh faisnéise a fháil féach ar :Cuir isteach agus féach ar aiseolas le haghaidh