适用于:
Databricks SQL Databricks Runtime 13.3 LTS 及更高版本
该 IDENTIFIER 子句在 SQL 语句中使标识符能够安全地参数化,以防止 SQL 注入。
适用于:
Databricks Runtime 18.0 及更高版本只要参数仅包含字符串文本或字符串参数标记,该子句就可以替换多部分名称中的任何对象名称或标识符。 这包括合并的字符串,例如:
'myschema' :table 'mycolumn'或:schema :table :column。适用于:
Databricks SQL Databricks Runtime 13.3 LTS 及更高版本该IDENTIFIER子句将常量字符串(例如
'myschema' || :table || 'mycolumn'或:schema || :table || :column)解释为:- 关系(表或视图)名称
- 函数名称
- 列名称
- 字段名称
- 架构名称
- 目录名称
IDENTIFIER 子句限制为以下语句:
- CREATE、ALTER、DROP 或 UNDROP 语句中表、视图或函数的主题名称。
- MERGE、UPDATE、DELETE、INSERT、COPY INTO 语句的目标表名称。
- SHOW 或 DESCRIBE 语句的目标。
- 使用架构或目录
- 函数调用
- 查询中引用的列、表或视图。 这包括 DDL 或 DML 语句中嵌入的查询。
注释
如果 IDENTIFIER 不受支持且 SQL 注入不是问题,那么可以改用 EXECUTE IMMEDIATE。
例如:EXECUTE IMMEDIATE 'CREATE TABLE ' || :tab || '(' || :col || 'INT)';
语法
IDENTIFIER ( strLiteral )
IDENTIFIER ( strExpr )
参数
-
strLiteral:文本
STRING通常由一个或多个合并的字符串 参数标记 和文本组件组成; -
strExpr:一个常数
STRING表达式,通常包含一个或多个参数标记。 从 Databricks Runtime 18.0 开始,此表示法已弃用。
示例
Scala
// Creation of a table using parameter marker.
spark.sql("CREATE TABLE IDENTIFIER(:mytab)(c1 INT)", args = Map("mytab" -> "tab1"))
// Altering a table with a fixed schema and a parameterized table name.
spark.sql("ALTER TABLE IDENTIFIER('default.' || :mytab) ADD COLUMN c2 INT)", args = Map("mytab" -> "tab1"))
// Altering a table with a fixed schema and a parameterized table name in DBR 18.0 and above.
spark.sql("ALTER TABLE IDENTIFIER('default.' :mytab) ADD COLUMN c2 INT)", args = Map("mytab" -> "tab1"))
// Dropping a table with separate schema and table parameters.
spark.sql("DROP TABLE IDENTIFIER(:myschema || '.' || :mytab)", args = Map("mySchema" -> "default", "mytab" -> "tab1"))
// Dropping a table with separate schema and table parameters in DBR 18.0 and above.
spark.sql("DROP TABLE IDENTIFIER(:myschema '.' :mytab)", args = Map("mySchema" -> "default", "mytab" -> "tab1"))
// A parameterized reference to a table in a query. The table name is qualified and uses back-ticks.
spark.sql("SELECT * FROM IDENTIFIER(:mytab)", args = Map("mytab" -> "`default`.`tab1`"))
// You cannot qualify the IDENTIFIER claue or use it as a qualifier itself.
spark.sql("SELECT * FROM myschema.IDENTIFIER(:mytab)", args = Map("mytab" -> "`tab1`"))
spark.sql("SELECT * FROM IDENTIFIER(:myschema).mytab", args = Map("mychema" -> "`default`"))
// A parameterized column reference
spark.sql("SELECT IDENTIFIER(:col) FROM VALUES(1) AS T(c1)", args = Map("col" -> "t.c1"))
// Passing in an aggregate function name as a parameter
spark.sql("SELECT IDENTIFIER(:agg)(c1) FROM VALUES(1), (2) AS T(c1)", args = Map("agg" -> "max"))
SQL
-- Using a catalog using a variable.
> DECLARE mycat = 'main';
> USE CATALOG IDENTIFIER(mycat);
-- Creation of a table using variable.
> DECLARE mytab = 'tab1';
> CREATE TABLE IDENTIFIER(mytab)(c1 INT);
-- Altering a table with a fixed schema and a parameterized table name.
> ALTER TABLE IDENTIFIER('default.' || mytab) ADD COLUMN c2 INT;
-- Altering a table with a fixed schema and a parameterized table name in DBR 18.0 and above.
> ALTER TABLE IDENTIFIER('default.' || mytab) ADD COLUMN c2 INT;
-- Inserting using a parameterized table name. The table name is qualified and uses back-ticks.
> SET VAR mytab = '`default`.`tab1`';
> INSERT INTO IDENTIFIER(mytab) VALUES(1, 2);
-- A parameterized reference to a table in a query.
> SELECT * FROM IDENTIFIER(mytab);
1 2
-- Dropping a table with separate schema and table parameters.
> DECLARE myschema = 'default';
> SET VAR mytab = 'tab1';
> DROP TABLE IDENTIFIER(myschema || '.' || mytab);
-- In DBR 18.0 and above:
> DROP TABLE IDENTIFIER(myschema '.' mytab);
-- You cannot qualify the IDENTIFIER clause or use it as a qualifier itself prior to DBR 18.0.
> SELECT * FROM myschema.IDENTIFIER('tab');
Error: PARSE_SYNTAX_ERROR
> SELECT * FROM IDENTIFIER('default').mytab;
Error: PARSE_SYNTAX_ERROR
-- A parameterized column reference
> DECLARE col = 't.c1';
> SELECT IDENTIFIER(col) FROM VALUES(1) AS T(c1);
1
-- Passing in an aggregate function name as a parameter
> DECLARE agg = 'max';
> SELECT IDENTIFIER(agg)(c1) FROM VALUES(1), (2) AS T(c1);
2