RPostgreSQL - 将 R 中的参数传递给 RPostgreSQL 中的查询
RPostgreSQL - Passing Parameter in R to a Query in RPostgreSQL
问题:如何在 RPostgreSQL 查询中传递变量?
示例:在下面的示例中,我尝试将日期“2018-01-03”传递给查询
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(PostgreSQL(),
dbname="test",
host="localhost",
port=5432,
user="user",
password="...")
result <- dbGetQuery(connect,
"SELECT * FROM sales_tbl WHERE date = @{dt}")
您可以使用 paste0 生成查询并将其传递给 dbGetQuery:
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(PostgreSQL(),
dbname="test",
host="localhost",
port=5432,
user="user",
password="...")
query <- paste0("SELECT * FROM sales_tbl WHERE date='", dt, "'")
result <- dbGetQuery(connect, query)
最安全的方法是将查询参数化,如前所述here
示例:
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(drv = PostgreSQL(),
dbname ="test",
host = "localhost",
port = 5432,
user = "user",
password = "...")
query <- "SELECT * FROM sales_tbl WHERE date= ?"
sanitized_query <- dbSendQuery(connect, query)
dbBind(sanitized_query, list(dt))
result <- dbFetch(sanitized_query)
此处通过传递 ? 您正在清理您的查询以避免 SQL 注入攻击。
我喜欢做的另一件事是创建 .Renviron 文件来存储我的凭据。例如,对于上面的连接,.Renviron 文件将如下所示。
dbname = test
dbuser = me
dbpass = mypass
dbport = 5432
dbhost = localhost
保存文件,重启RStudio(启动时加载.Renviron文件)。然后使用 Sys.getenv(variable)
访问凭据
#example:
connect <- dbConnect(drv = PostgreSQL(),
dbname = Sys.getenv("dbname"),
host = Sys.getenv("dbhost"),
port = Sys.getenv("dbport"),
user = Sys.getenv("dbuser"),
password = Sys.getenv("dbpass"))
问题:如何在 RPostgreSQL 查询中传递变量?
示例:在下面的示例中,我尝试将日期“2018-01-03”传递给查询
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(PostgreSQL(),
dbname="test",
host="localhost",
port=5432,
user="user",
password="...")
result <- dbGetQuery(connect,
"SELECT * FROM sales_tbl WHERE date = @{dt}")
您可以使用 paste0 生成查询并将其传递给 dbGetQuery:
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(PostgreSQL(),
dbname="test",
host="localhost",
port=5432,
user="user",
password="...")
query <- paste0("SELECT * FROM sales_tbl WHERE date='", dt, "'")
result <- dbGetQuery(connect, query)
最安全的方法是将查询参数化,如前所述here
示例:
library(RPostgreSQL)
dt <- '2018-01-03'
connect <- dbConnect(drv = PostgreSQL(),
dbname ="test",
host = "localhost",
port = 5432,
user = "user",
password = "...")
query <- "SELECT * FROM sales_tbl WHERE date= ?"
sanitized_query <- dbSendQuery(connect, query)
dbBind(sanitized_query, list(dt))
result <- dbFetch(sanitized_query)
此处通过传递 ? 您正在清理您的查询以避免 SQL 注入攻击。
我喜欢做的另一件事是创建 .Renviron 文件来存储我的凭据。例如,对于上面的连接,.Renviron 文件将如下所示。
dbname = test
dbuser = me
dbpass = mypass
dbport = 5432
dbhost = localhost
保存文件,重启RStudio(启动时加载.Renviron文件)。然后使用 Sys.getenv(variable)
#example:
connect <- dbConnect(drv = PostgreSQL(),
dbname = Sys.getenv("dbname"),
host = Sys.getenv("dbhost"),
port = Sys.getenv("dbport"),
user = Sys.getenv("dbuser"),
password = Sys.getenv("dbpass"))