This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Passing parameters to a query
editPassing parameters to a query
editUsing values in a query condition, for example, or in a HAVING
statement can be done "inline",
by integrating the value in the query string itself:
resp = client.sql.query( format="txt", query="SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0", ) print(resp)
response = client.sql.query( format: 'txt', body: { query: "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0" } ) puts response
const response = await client.sql.query({ format: "txt", query: "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0", }); console.log(response);
POST /_sql?format=txt { "query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0" }
or it can be done by extracting the values in a separate list of parameters and using question mark placeholders (?
) in the query string:
resp = client.sql.query( format="txt", query="SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?", params=[ 300, "Frank Herbert", 0 ], ) print(resp)
response = client.sql.query( format: 'txt', body: { query: 'SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?', params: [ 300, 'Frank Herbert', 0 ] } ) puts response
const response = await client.sql.query({ format: "txt", query: "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?", params: [300, "Frank Herbert", 0], }); console.log(response);
POST /_sql?format=txt { "query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?", "params": [300, "Frank Herbert", 0] }
The recommended way of passing values to a query is with question mark placeholders, to avoid any attempts of hacking or SQL injection.