zhongjiajie commented on code in PR #15238:
URL: https://github.com/apache/dolphinscheduler/pull/15238#discussion_r1470656477


##########
docs/docs/en/guide/task/sql.md:
##########
@@ -28,6 +28,7 @@ Refer to [datasource-setting](../howto/datasource-setting.md) 
`DataSource Center
 | SQL statement     | SQL statement.                                           
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                      
                       |
 | UDF function      | For Hive DataSources, you can refer to UDF functions 
created in the resource center, but other DataSource do not support UDF 
functions.                                                                      
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                  
                       |
 | Custom parameters | SQL task type, and stored procedure is a custom 
parameter order, to set customized parameter type and data type for the method 
is the same as the stored procedure task type. The difference is that the 
custom parameter of the SQL task type replaces the `${variable}` in the SQL 
statement.                                                                      
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                          
                       |
+| SQL injection     | You can use SQL injection to change SQL, which will 
replace `!{Variable}` in the SQL statement. For example, `select * from A where 
a = !{Variable}`                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                           
              |
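Review bot: The new "SQL injection" row does not say how `!{Variable}` differs from the `${variable}` substitution documented two rows above, and that difference is the whole reason the row exists. As written, "You can use SQL injection to change SQL" reads as if injection were a feature rather than a risk; the row should state plainly that `!{Variable}` is spliced into the statement text verbatim, with no quoting or escaping, so the value becomes part of the SQL syntax (the example `select * from A where a = !{Variable}` only makes sense if that is the case). Suggest renaming the row to something like "Raw SQL substitution" and adding a sentence that this form is intended for trusted, workflow-defined values only, and that `${variable}` should be used for anything that is data rather than SQL. A short note contrasting the two forms side by side (quoted vs. unquoted result) would also answer the question raised in the review comment without the reader having to test it.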

Review Comment:
   So as I see, when using `${variable}` it will always add `"` between our parameter, and `!{Variable}` will use the bare type of parameter like int or string without `"`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
