Documentation

InfluxDB 3 Enterprise

Use parameterized queries with InfluxQL

Parameterized queries in InfluxDB 3 Enterprise let you dynamically and safely change values in a query. If your application code allows user input to customize values or expressions in a query, use a parameterized query to make sure untrusted input is processed strictly as data and not executed as code.

Parameterized queries:

  • help prevent injection attacks, which can occur if input is executed as code
  • help make queries more reusable

Prevent injection attacks

For more information on security and query parameterization, see the [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/> SQL_Injection_Prevention_Cheat_Sheet.html#defense-option-1-prepared-statements-with-parameterized-queries).

In InfluxDB 3, a parameterized query is an InfluxQL or SQL query that contains one or more named parameter placeholders–variables that represent input data.

Parameters only supported in WHERE expressions

InfluxDB 3 supports parameters in WHERE clause predicate expressions. Parameter values must be one of the allowed parameter data types.

If you use parameters in other expressions or clauses, such as function arguments, SELECT, or GROUP BY, then your query might not work as you expect.

Use parameters in WHERE expressions

You can use parameters in WHERE clause predicate expressions-–for example, the following query contains a $temp parameter:

SELECT * FROM measurement WHERE temp > $temp

When executing a query, you specify parameter name-value pairs. The value that you assign to a parameter must be one of the parameter data types.

{"temp": 22.0}

The InfluxDB Querier parses the query text with the parameter placeholders, and then generates query plans that replace the placeholders with the values that you provide. This separation of query structure from input data ensures that input is treated as one of the allowed data types and not as executable code.

Parameter data types

A parameter value can be one of the following data types:

  • Null
  • Boolean
  • Unsigned integer (u_int64)
  • Integer (int64)
  • Double (float64)
  • String

Data type examples

{
  "string": "Living Room",
  "double": 3.14,
  "unsigned_integer": 1234,
  "integer": -1234,
  "boolean": false,
  "null": Null,
}

Time expressions

To parameterize time bounds, substitute a parameter for a timestamp literal–for example:

SELECT *
FROM home
WHERE time >= $min_time

For the parameter value, specify the timestamp literal as a string–for example:

// Assign a timestamp string literal to the min_time parameter.
parameters := influxdb3.QueryParameters{
    "min_time": "2022-01-01 00:00:00.00",
}

InfluxDB executes the query as the following:

SELECT *
FROM home
WHERE time >= '2022-01-01 00:00:00.00'

Not compatible with parameters

If you use parameters for the following, your query might not work as you expect:

  • In clauses other than WHERE, such as SELECT or GROUP BY
  • As function arguments, such as avg($temp)
  • In place of identifiers, such as column or table names
  • In place of duration literals, such as time > now() - $min_duration

Parameterize an SQL query

Sample data

The following examples use the Home sensor sample data. To run the example queries and return results, write the sample data to your InfluxDB 3 Enterprise database before running the example queries.

To use a parameterized query, do the following:

  1. In your query text, use the $parameter syntax to reference a parameter name–for example, the following query contains $room and $min_temp parameter placeholders:

    SELECT *
FROM home
WHERE time > now() - 7d
AND temp >= $min_temp
AND room = $room

  2. Provide a value for each parameter name. If you don’t assign a value for a parameter, InfluxDB returns an error. The syntax for providing parameter values depends on the client you use–for example:

    Go

    // Define a QueryParameters struct--a map of parameters to input values.
parameters := influxdb3.QueryParameters{
    "room": "Kitchen",
    "min_temp": 20.0,
}

After InfluxDB receives your request and parses the query, it executes the query as

SELECT *
FROM home
WHERE time > now() - 7d
AND temp >= 20.0
AND room = 'Kitchen'

Execute parameterized InfluxQL queries

Sample data

The following examples use the Home sensor sample data. To run the example queries and return results, write the sample data to your InfluxDB 3 Enterprise database before running the example queries.

Use the HTTP API

InfluxDB 3 Enterprise provides the /api/v3/query_influxql HTTP API endpoint for executing InfluxQL queries with parameters.

POST /api/v3/query_influxql

Send a JSON object that contains db (database), q (query), and params (parameter name-value pairs) properties in the request body.

The following example sends a parameterized InfluxQL query to the /api/v3/query_influxql endpoint:

<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8181/api/v3/query_influxql&#34;</span> <span class="se">\

–header "Authorization: Bearer

AUTH_TOKEN
"
–header "Content-Type: application/json"
–data '{ "db": "
DATABASE_NAME
", "q": "SELECT * FROM home WHERE time >= $min_time AND temp >= $min_temp AND room = $room", "params": { "min_time": "2022-01-01T08:00:00Z", "min_temp": 22.0, "room": "Kitchen" } }'

Replace the following:

  • DATABASE_NAME: the name of the database to query
  • AUTH_TOKEN: your database token with permission to query the specified database

The response body contains query results in JSON format:

[
  {"iox::measurement":"home","time":"2022-01-01T09:00:00","co":0,"hum":36.2,"room":"Kitchen","temp":23.0},
  {"iox::measurement":"home","time":"2022-01-01T10:00:00","co":0,"hum":36.1,"room":"Kitchen","temp":22.7},
  {"iox::measurement":"home","time":"2022-01-01T11:00:00","co":0,"hum":36.0,"room":"Kitchen","temp":22.4},
  {"iox::measurement":"home","time":"2022-01-01T12:00:00","co":0,"hum":36.0,"room":"Kitchen","temp":22.5}
]

Use InfluxDB Flight RPC clients

Using the InfluxDB 3 native Flight RPC protocol and supported clients, you can send a parameterized query and a list of parameter name-value pairs. InfluxDB Flight clients that support parameterized queries pass the parameter name-value pairs in a Flight ticket params field.

The following examples show how to use client libraries to execute parameterized InfluxQL queries:

Go

import (
    "context"
    "fmt"
    "io"
    "os"
    "text/tabwriter"
    "time"
    "github.com/InfluxCommunity/influxdb3-go/v2/influxdb3"
)

func Query(query string, parameters influxdb3.QueryParameters,
 options influxdb3.QueryOptions) error {
    url := os.Getenv("INFLUX_HOST")
    token := os.Getenv("INFLUX_TOKEN")
    database := os.Getenv("INFLUX_DATABASE")

    // Instantiate the influxdb3 client.
    client, err := influxdb3.New(influxdb3.ClientConfig{
        Host:     url,
        Token:    token,
        Database: database,
    })

    if err != nil {
        panic(err)
    }

    // Ensure the client is closed after the Query function finishes.
    defer func(client *influxdb3.Client) {
        err := client.Close()
        if err != nil {
            panic(err)
        }
    }(client)

    // Call the client's QueryWithParameters function.
    // Provide the query, parameters, and the InfluxQL QueryType option.
    iterator, err := client.QueryWithParameters(context.Background(), query,
    parameters, influxdb3.WithQueryType(options.QueryType))

    // Create a buffer for storing rows as you process them.
    w := tabwriter.NewWriter(io.Discard, 4, 4, 1, ' ', 0)
    w.Init(os.Stdout, 0, 8, 0, '\t', 0)

    fmt.Fprintf(w, "time\troom\tco\thum\ttemp\n")

    // Format and write each row to the buffer.
    // Process each row as key-value pairs.
    for iterator.Next() {
        row := iterator.Value()
        // Use Go time package to format unix timestamp
        // as a time with timezone layout (RFC3339 format)
        time := (row["time"].(time.Time)).
                Format(time.RFC3339)

        fmt.Fprintf(w, "%s\t%s\t%d\t%.1f\t%.1f\n",
            time, row["room"], row["co"], row["hum"], row["temp"])
    }
    w.Flush()

    return nil
}

func main() {
    // Use the $placeholder syntax in a query to reference parameter placeholders
    // for input data.
    // The following InfluxQL query contains the placeholders $room and $min_temp.
    query := `
        SELECT *
        FROM home
        WHERE time > now() - 7d
        AND temp >= $min_temp
        AND room = $room`

    // Define a QueryParameters struct--a map of placeholder names to input values.
    parameters := influxdb3.QueryParameters{
        "room": "Kitchen",
        "min_temp": 20.0,
    }

    Query(query, parameters, influxdb3.QueryOptions{
        QueryType: influxdb3.InfluxQL,
    })
}

Client support for parameterized queries

Not supported

Currently, parameterized queries in InfluxDB 3 Enterprise don’t provide the following:

query security influxql

Was this page helpful?

Thank you for your feedback!

© 2026 InfluxData, Inc.

What is your InfluxDB 3 Enterprise URL?

Customize your InfluxDB 3 Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

Select a new date

Select a date in your database's retention period.

Update

InfluxDB 3.9: Performance upgrade preview

InfluxDB 3 Enterprise 3.9 includes a beta of major performance upgrades with faster single-series queries, wide-and-sparse table support, and more.

InfluxDB 3 Enterprise 3.9 includes a beta of major performance and feature updates.

Key improvements:

  • Faster single-series queries
  • Consistent resource usage
  • Wide-and-sparse table support
  • Automatic distinct value caches for reduced latency with metadata queries

Preview features are subject to breaking changes.

For more information, see:

Telegraf Enterprise now in public beta

Get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

See the Blog Post

The upcoming Telegraf Enterprise offering is for organizations running Telegraf at scale and is comprised of two key components:

  • Telegraf Controller: A control plane (UI + API) that centralizes Telegraf configuration management and agent health visibility.
  • Telegraf Enterprise Support: Official support for Telegraf Controller and Telegraf plugins.

Join the Telegraf Enterprise beta to get early access to the Telegraf Controller and provide feedback to help shape the future of Telegraf Enterprise.

For more information:

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On May 27, 2026, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2