potiuk commented on code in PR #62865:
URL: https://github.com/apache/airflow/pull/62865#discussion_r2914184831
##########
providers/mysql/src/airflow/providers/mysql/hooks/mysql.py:
##########
@@ -342,8 +342,13 @@ def bulk_load_custom(
conn = self.get_conn()
cursor = conn.cursor()
- sql_statement = f"LOAD DATA LOCAL INFILE %s %s INTO TABLE `{table}` %s"
- parameters = (tmp_file, duplicate_key_handling, extra_options)
+ # duplicate_key_handling and extra_options are SQL keywords (e.g.
IGNORE, REPLACE)
Review Comment:
Can we please also verify if these options folow the literals allowed ? And
also ideally add it as MyPy Literal type in the definiion - including table
anad extra_options? Those are interpolated directly so sql injection protection
here would be very handy (not strictly necessary - but this is potentially a
bag of worms.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
