Group by parameter


is it possible to use a paramter in a group by? I tried it, but he is not grouping the data. My code looks like this:

SELECT revenue
FROM packet
GROUP BY ‘{{time}}’

Goal: I want to use different dates from each packet. (e.g. packet_created, packet_sent, packet_returned). All dates are added as a colum for eacht packet
packet created_at packet_sent … revenue
1 01.04.2019 24. 04.2019 1000€


This is possible. But your syntax is weird. GROUP BY accepts column names but you’ve passed it a string wrapped in quotes. Remove the quotes and see what happens.


perfect. It works! thanks

1 Like

That said - I believe in future redash intends to have better protection against SQL injection - which might break this sort of query…

There are still a few ways around this:

  • Refer to a column numerically, and let redash know that the parameter is a number:

SELECT packet_created, packet_sent, packet_returned, revenue FROM packet GROUP BY {{number}};

  • If your DB engine supports it - explicitly use dynamic SQL in your query and perform your own parameter checking. MySQL is certainly capable of this - although you’ll need merged before Redash can use MySQL dynamic SQL functionality.

We’re working to avoid this. For now this functionality is preserved, but if you have a text based parameter (i.e. any input) you won’t be able to share such query.If you were to use a drop down (with allowed column names), then it will all be fine.


Out of interest, which side will ‘Query Based Dropdown List’ fall into?


Query Based Drop Downs also considered safe.