bitnine-oss / agensgraph

AgensGraph, a transactional graph database based on PostgreSQL
http://www.agensgraph.org

Using parameterized queries with Agens Graph #616

Open mihaj opened 1 year ago

mihaj commented 1 year ago

I am trying to parameterize Cypher queries in AgensGraph.

I know that Cypher supports some parametrization of parameters, but I'm not sure if this is intended in AgensGraph. For example, I have this code:

            if (_npgsqlConnection.State != ConnectionState.Open) await _npgsqlConnection.OpenAsync();
            await using (var command = new NpgsqlCommand())
            {
                command.Connection = _npgsqlConnection;
                command.CommandText = @"CREATE GRAPH IF NOT EXISTS $graphName;";
                command.Parameters.AddWithValue("graphName", _graphName);
                command.UnknownResultTypeList = new[] { false, true };
                command.AllResultTypesAreUnknown = true;
                await command.ExecuteNonQueryAsync();
            }

I also tried command.CommandText = @"CREATE GRAPH IF NOT EXISTS @graphName;";

And I get back the

  Exception data:
    Severity: ERROR
    SqlState: 42601
    MessageText: syntax error at or near "$1"
    Position: 18
    File: scan.l
    Line: 1201
    Routine: scanner_yyerror

Is this even possible with Cypher and NpgsqlCommand?

samoscyberallenh commented 1 year ago

This is a PostgreSQL limitation. You couldn't use prepared statements with CREATE TABLE, for example.

In my opinion, your best bet here is probably to just validate the graphName with a strict whitelist regular expression (e.g., "^[a-zA-Z_]+$"), then build the CREATE GRAPH string with it.
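
The validate-then-build approach suggested in the reply above, as an added example (not code from the thread or from the AgensGraph project). The `GraphDdl` class and its method names are hypothetical; the pattern is anchored with `\A` and `\z` rather than `^` and `$`, and the 63-character cap is an added check based on PostgreSQL's identifier length limit.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Npgsql;

// Hypothetical helper: identifiers cannot be bound as parameters, so the graph
// name is checked against a strict allowlist before it is placed in the DDL text.
public static class GraphDdl
{
    // Allowlist from the reply above, anchored with \A and \z: in .NET a bare
    // "$" also matches just before a trailing "\n", so "g\n" would slip through.
    private static readonly Regex SafeName =
        new Regex(@"\A[a-zA-Z_]+\z", RegexOptions.CultureInvariant);

    // PostgreSQL truncates identifiers longer than 63 bytes (NAMEDATALEN - 1).
    private const int MaxIdentifierLength = 63;

    // Returns the DDL text, or throws before anything reaches the server.
    public static string BuildCreateGraph(string graphName)
    {
        if (graphName is null)
            throw new ArgumentNullException(nameof(graphName));
        if (graphName.Length > MaxIdentifierLength || !SafeName.IsMatch(graphName))
            throw new ArgumentException(
                "Graph name must be 1-63 characters from [a-zA-Z_].", nameof(graphName));

        // Safe to concatenate: the name contains only ASCII letters and underscores.
        return "CREATE GRAPH IF NOT EXISTS " + graphName + ";";
    }

    // Runs the validated statement on an already open connection.
    public static async Task CreateGraphAsync(NpgsqlConnection connection, string graphName)
    {
        await using var command = new NpgsqlCommand(BuildCreateGraph(graphName), connection);
        await command.ExecuteNonQueryAsync();
    }
}
```

A name that passes the allowlist but is a reserved word (for example "select") still fails on the server with a syntax error; it cannot change the structure of the statement.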