Use parameterized Flux queries
InfluxDB Cloud supports parameterized Flux queries that let you dynamically change values in a query using the InfluxDB API. Parameterized queries make Flux queries more reusable and can also be used to help prevent injection attacks.
Prevent injection attacks
Use parameterized queries when executing Flux queries with untrusted user input; for example, in a web or IoT application. For more information on security and query parameterization, see the OWASP SQL Injection Prevention Cheat Sheet. While this guide is about SQL, it contains useful general advice.
The InfluxDB Cloud /api/v2/query API endpoint
accepts a params field in the request body.
The params field is a JSON object with key-value pairs where the key is a
parameter name and the value is the parameter value.
For example:
"params": {
"ex1": "foo",
"ex2": "bar"
}
InfluxDB Cloud inserts the params JSON object into the Flux query as a
Flux record named params.
Use dot or bracket notation
to access parameters in the params record in your Flux query.
For example, using the example params JSON above, the following query
from(bucket: params.ex1)
|> range(start: -1h)
|> filter(fn: (r) => r._measurement == params.ex2)
would execute as
from(bucket: "foo")
|> range(start: -1h)
|> filter(fn: (r) => r._measurement == "bar")
Example
To use a parameterized query, do the following:
Create your Flux query. Use dot or bracket notation to reference parameters inside the
paramsrecord to populate values at query time. The following example usesparams.mybucketto define the bucket name.from(bucket: params.mybucket) |> range(start: -7d) |> limit(n:2)Use the InfluxDB Cloud
/api/v2/queryAPI endpoint to execute your query. Provide the following in your request body:- query: Raw Flux query to execute
- params: JSON object with key-value pairs for each parameter to include in the query.
For example:
curl --request POST \ 'https://cloud2.influxdata.com/api/v2/query?orgID=<YourOrgID>' \ --header 'authorization: Token <YourAuthToken>' \ --header 'content-type: application/json' \ --data '{ "query":"from(bucket: params.mybucket) |> range(start: -7d) |> limit(n:2)", "params":{ "mybucket":"telegraf" } }'
Supported parameter data types
Parameterized Flux queries support int, float, and string data types.
To convert the supported data types into other Flux basic data types,
use Flux type conversion functions.
For example, to define the start parameter of the range() function using a parameterized duration value:
Use the
duration()function to convert theparamvalue into a duration:from(bucket:"example-bucket") |> range(start: duration(v: params.mystart)) |> limit(n:2)In the
paramfield of your query request body, format the duration parameter as a string:{ "query": "from(bucket:\"example-bucket\") |> range(start: duration(v : params.mystart)) |> limit(n:2)", "params": { "mystart": "-7d" } }
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.