Query parameters in BigQuery

Query parameters in BigQuery. You need to know about them if you're constructing queries based on user input. What do they do?

They can help secure your query against SQL injection and can be recognized by the @ (for named usage) and ? (for positional usage).

Unlike variables, with whom we should not confound them, one cannot use them in the console (web IDE), but only with bq command line interface, API or client libraries.

You can ✅ :
- use parameters for expressions
- provide a datatype for the query parameter or omit it with STRING as default
- use complex types such as ARRAY or STRUCT

But you cannot ❌ :
- pass parameters as column or table names
- use positional AND named parameters at the same time

No alt text provided for this image

Found it useful? Subscribe to my Analytics newsletter at notjustsql.com.