Group by parameter

immo.mueller · April 24, 2019, 2:23pm

Hi,
is it possible to use a paramter in a group by? I tried it, but he is not grouping the data. My code looks like this:

SELECT revenue
FROM packet
GROUP BY ‘{{time}}’

Goal: I want to use different dates from each packet. (e.g. packet_created, packet_sent, packet_returned). All dates are added as a colum for eacht packet
packet created_at packet_sent … revenue
1 01.04.2019 24. 04.2019 1000€

jesse · April 24, 2019, 2:39pm

This is possible. But your syntax is weird. GROUP BY accepts column names but you’ve passed it a string wrapped in quotes. Remove the quotes and see what happens.

immo.mueller · April 26, 2019, 10:36am

perfect. It works! thanks

Jakdaw · April 29, 2019, 10:58am

That said - I believe in future redash intends to have better protection against SQL injection - which might break this sort of query…

There are still a few ways around this:

Refer to a column numerically, and let redash know that the parameter is a number:

SELECT packet_created, packet_sent, packet_returned, revenue FROM packet GROUP BY {{number}};

If your DB engine supports it - explicitly use dynamic SQL in your query and perform your own parameter checking. MySQL is certainly capable of this - although you’ll need https://github.com/getredash/redash/pull/3003 merged before Redash can use MySQL dynamic SQL functionality.

arikfr · April 29, 2019, 11:21am

We’re working to avoid this. For now this functionality is preserved, but if you have a text based parameter (i.e. any input) you won’t be able to share such query.If you were to use a drop down (with allowed column names), then it will all be fine.

Jakdaw · April 29, 2019, 12:52pm

Out of interest, which side will ‘Query Based Dropdown List’ fall into?

arikfr · April 30, 2019, 7:19am

Query Based Drop Downs also considered safe.

▼Categories

▼Tags

Group by parameter