適用於:
Databricks SQL Databricks Runtime 13.3 LTS 和更新版本
此 IDENTIFIER 子句允許在 SQL 陳述式中進行防止 SQL 注入攻擊的識別碼參數化。
適用於:
Databricks 執行時間 18.0 及以上版本只要引數僅由字串文字或字串參數標記組成,該子句即可取代多部分名稱中的任何物件名稱或識別碼。 這包括聚合的字串,例如:
'myschema' :table 'mycolumn'或:schema :table :column。適用於:
Databricks SQL Databricks Runtime 13.3 LTS 和更新版本此 IDENTIFIER 子句將常數字串
'myschema' || :table || 'mycolumn'如 或:schema || :table || :column解釋為 a:- relation (資料表或檢視表) 名稱
- 函數名稱
- 欄位名稱
- 功能變數名稱
- 架構名稱
- 目錄名稱
該 IDENTIFIER 條款限於以下陳述:
- CREATE、ALTER、DROP 或 UNDROP 語句的資料表、視圖或函數名稱。
- MERGE、UPDATE、DELETE、INSERT、COPY INTO 陳述式的目標資料表名稱。
- SHOW 或 DESCRIBE 陳述的目標。
- 結構或目錄的使用
- 函式調用
- 查詢中引用的欄位、表格或檢視圖。 這包括內嵌在 DDL 或 DML 語句中的查詢。
備註
如果不支援該 IDENTIFIER 子句,且 SQL 注入不是問題,您可以改用 EXECUTE IMMEDIATE 。
例如:EXECUTE IMMEDIATE 'CREATE TABLE ' || :tab || '(' || :col || 'INT)';
語法
IDENTIFIER ( strLiteral )
IDENTIFIER ( strExpr )
參數
- strLiteral:通常由一個或多個字串參數標記和字面值組件合併組成的表達式;
-
strExpr:常數
STRING運算式通常包含一或多個 參數標記。 從 Databricks Runtime 18.0 開始,此符號已被棄用。
範例
Scala
// Creation of a table using parameter marker.
spark.sql("CREATE TABLE IDENTIFIER(:mytab)(c1 INT)", args = Map("mytab" -> "tab1"))
// Altering a table with a fixed schema and a parameterized table name.
spark.sql("ALTER TABLE IDENTIFIER('default.' || :mytab) ADD COLUMN c2 INT)", args = Map("mytab" -> "tab1"))
// Altering a table with a fixed schema and a parameterized table name in DBR 18.0 and above.
spark.sql("ALTER TABLE IDENTIFIER('default.' :mytab) ADD COLUMN c2 INT)", args = Map("mytab" -> "tab1"))
// Dropping a table with separate schema and table parameters.
spark.sql("DROP TABLE IDENTIFIER(:myschema || '.' || :mytab)", args = Map("mySchema" -> "default", "mytab" -> "tab1"))
// Dropping a table with separate schema and table parameters in DBR 18.0 and above.
spark.sql("DROP TABLE IDENTIFIER(:myschema '.' :mytab)", args = Map("mySchema" -> "default", "mytab" -> "tab1"))
// A parameterized reference to a table in a query. The table name is qualified and uses back-ticks.
spark.sql("SELECT * FROM IDENTIFIER(:mytab)", args = Map("mytab" -> "`default`.`tab1`"))
// You cannot qualify the IDENTIFIER claue or use it as a qualifier itself.
spark.sql("SELECT * FROM myschema.IDENTIFIER(:mytab)", args = Map("mytab" -> "`tab1`"))
spark.sql("SELECT * FROM IDENTIFIER(:myschema).mytab", args = Map("mychema" -> "`default`"))
// A parameterized column reference
spark.sql("SELECT IDENTIFIER(:col) FROM VALUES(1) AS T(c1)", args = Map("col" -> "t.c1"))
// Passing in an aggregate function name as a parameter
spark.sql("SELECT IDENTIFIER(:agg)(c1) FROM VALUES(1), (2) AS T(c1)", args = Map("agg" -> "max"))
SQL
-- Using a catalog using a variable.
> DECLARE mycat = 'main';
> USE CATALOG IDENTIFIER(mycat);
-- Creation of a table using variable.
> DECLARE mytab = 'tab1';
> CREATE TABLE IDENTIFIER(mytab)(c1 INT);
-- Altering a table with a fixed schema and a parameterized table name.
> ALTER TABLE IDENTIFIER('default.' || mytab) ADD COLUMN c2 INT;
-- Altering a table with a fixed schema and a parameterized table name in DBR 18.0 and above.
> ALTER TABLE IDENTIFIER('default.' || mytab) ADD COLUMN c2 INT;
-- Inserting using a parameterized table name. The table name is qualified and uses back-ticks.
> SET VAR mytab = '`default`.`tab1`';
> INSERT INTO IDENTIFIER(mytab) VALUES(1, 2);
-- A parameterized reference to a table in a query.
> SELECT * FROM IDENTIFIER(mytab);
1 2
-- Dropping a table with separate schema and table parameters.
> DECLARE myschema = 'default';
> SET VAR mytab = 'tab1';
> DROP TABLE IDENTIFIER(myschema || '.' || mytab);
-- In DBR 18.0 and above:
> DROP TABLE IDENTIFIER(myschema '.' mytab);
-- You cannot qualify the IDENTIFIER clause or use it as a qualifier itself prior to DBR 18.0.
> SELECT * FROM myschema.IDENTIFIER('tab');
Error: PARSE_SYNTAX_ERROR
> SELECT * FROM IDENTIFIER('default').mytab;
Error: PARSE_SYNTAX_ERROR
-- A parameterized column reference
> DECLARE col = 't.c1';
> SELECT IDENTIFIER(col) FROM VALUES(1) AS T(c1);
1
-- Passing in an aggregate function name as a parameter
> DECLARE agg = 'max';
> SELECT IDENTIFIER(agg)(c1) FROM VALUES(1), (2) AS T(c1);
2