Serge Rielau created SPARK-43205:
------------------------------------

             Summary: Add an IDENTIFIER(stringLiteral) clause that maps a string to an identifier
                 Key: SPARK-43205
                 URL: https://issues.apache.org/jira/browse/SPARK-43205
             Project: Spark
          Issue Type: New Feature
          Components: Spark Core
    Affects Versions: 3.5.0
            Reporter: Serge Rielau


There is a requirement for SQL templates, where the table and/or column names 
are provided through substitution. This can be done today using variable 
substitution:
SET hivevar:tabname = mytab;
SELECT * FROM ${ hivevar:tabname };

A straight variable substitution is dangerous since it does allow for SQL 
injection:
SET hivevar:tabname = mytab, someothertab;
SELECT * FROM ${ hivevar:tabname };

A way to get around this problem is to wrap the variable substitution with a 
clause that limits the scope to produce an identifier.
This approach is taken by Snowflake:
https://docs.snowflake.com/en/sql-reference/session-variables#using-variables-in-sql

SET hivevar:tabname = 'tabname';
SELECT * FROM IDENTIFIER(${ hivevar:tabname })



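The scoping described in the issue above, as an added example that is not Spark's or Snowflake's implementation: a template renderer that substitutes `${ hivevar:... }` textually, but resolves a placeholder wrapped in IDENTIFIER(...) as one unit that must be a single string literal holding a (dot-qualified) name. The function names, the name pattern and the backtick-quoted output are assumptions made for the illustration.

```python
import re

# Assumed syntax model: ${ hivevar:name } placeholders, optionally wrapped.
VAR = re.compile(r"\$\{\s*hivevar:(\w+)\s*\}")
WRAPPED = re.compile(r"IDENTIFIER\(\s*\$\{\s*hivevar:(\w+)\s*\}\s*\)")
STRING_LITERAL = re.compile(r"\s*'([^'\\]*)'\s*")
NAME_PART = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed name rule


def to_identifier(value):
    """Accept exactly one string literal holding a (qualified) name."""
    literal = STRING_LITERAL.fullmatch(value)
    if literal is None:
        raise ValueError(f"expected one string literal, got {value!r}")
    parts = literal.group(1).split(".")
    if not all(NAME_PART.fullmatch(part) for part in parts):
        raise ValueError(f"not an identifier: {literal.group(1)!r}")
    # Quote each part so the result can only ever be read as a name.
    return ".".join(f"`{part}`" for part in parts)


def render(template, variables):
    """Resolve wrapped placeholders as identifiers, the rest as raw text."""
    scoped = WRAPPED.sub(lambda m: to_identifier(variables[m.group(1)]), template)
    return VAR.sub(lambda m: variables[m.group(1)], scoped)


def try_render(template, variables):
    """Like render(), but report a rejected value instead of raising."""
    try:
        return render(template, variables)
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    raw = "SELECT * FROM ${ hivevar:tabname }"
    wrapped = "SELECT * FROM IDENTIFIER(${ hivevar:tabname })"
    # Constructed values, modelled on the SET statements in the issue.
    for value in ("mytab, someothertab", "'tabname'", "'db.mytab'",
                  "'mytab', someothertab", "'mytab, someothertab'"):
        variables = {"tabname": value}
        print(repr(value), "| raw:    ", try_render(raw, variables))
        print(repr(value), "| wrapped:", try_render(wrapped, variables))
```
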