Hello NiFi Team,

I’m encountering issues when using the ExecuteSQL processor in Apache NiFi to run SQL queries that include dynamic values from FlowFile attributes. Specifically, when I use Expression Language to inject attributes like ${ParsedLogData.commandLine} into the query directly, the query fails whenever the value includes problematic characters — such as single quotes ('), double quotes, or backslashes.

Example error (PostgreSQL):

ERROR: syntax error at or near "AllSigned"

This stems from FlowFile attributes that contain shell command syntax or PowerShell scripts, which naturally include characters that break SQL parsing unless properly escaped. While I know I can work around this using replaceAll("'", "''"), it becomes messy and hard to maintain.

I’m aware of the ability to use ? placeholders and sql.args.N.value/type attributes, and I’ve used that successfully for individual fields. However, this approach becomes difficult when dealing with queries that have 10+ fields — some of which repeat — and across multiple processors or flows.

My questions:

1. Is there a more efficient way to handle escaping of special characters in SQL queries in NiFi without manually escaping each field?
2. Are there plans to allow named parameter mapping (e.g., sql.args.command_line) instead of strict numeric indexing?

I’d really appreciate your guidance on best practices for making ExecuteSQL safer and easier to manage in complex flows. I’m looking for any practical suggestions, workarounds, or upcoming features that could help streamline this process.

Thank you for your support.

Best regards,
Eran izhak
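As an added illustration of the two approaches contrasted in the message above (this is example code written here, not code from the original post or from the Apache NiFi project), the block below reproduces the failure with an in-memory SQLite database and then shows the `?`-placeholder path. The `named_to_positional` helper is a hypothetical convenience: it takes a query written with `:name` placeholders plus a dict of field values, emits the positional query and the `sql.args.N.value` / `sql.args.N.type` attribute set that ExecuteSQL expects, and binds a repeated name at every position it occurs, so each field is supplied once. The sample command line, host name, table and query are constructed for the example; the JDBC type code 12 is `java.sql.Types.VARCHAR`. The helper assumes the query text contains no colons other than placeholders and `::` casts.

```python
import re
import sqlite3
from typing import Dict, List, Tuple

# java.sql.Types.VARCHAR; ExecuteSQL reads the JDBC type code from sql.args.N.type
JDBC_VARCHAR = 12

# Constructed sample attribute value (not from the original post): a PowerShell
# command line containing single quotes, double quotes and backslashes.
COMMAND_LINE = "powershell.exe -ExecutionPolicy 'AllSigned' -File C:\\scripts\\run.ps1 \"arg\""
HOST = "ws-01"

# Hypothetical query written with named placeholders; :command_line is used twice.
NAMED_QUERY = (
    "INSERT INTO events (host, command_line, raw_copy) "
    "VALUES (:host, :command_line, :command_line)"
)

# Matches :name but not the second colon of a PostgreSQL-style ::cast.
_PLACEHOLDER = re.compile(r"(?<!:):([A-Za-z_][A-Za-z0-9_]*)")


def interpolated_query(host: str, command_line: str) -> str:
    """The failing pattern: attribute text pasted straight into the SQL string,
    as ${ParsedLogData.commandLine} inside the query property would do."""
    return (
        "INSERT INTO events (host, command_line, raw_copy) "
        f"VALUES ('{host}', '{command_line}', '{command_line}')"
    )


def named_to_positional(query: str, values: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Rewrite :name placeholders to ? and emit sql.args.N.value / sql.args.N.type
    attributes in the order the placeholders occur. A name used twice is bound
    at every position it appears, so the caller supplies each field only once.
    Hypothetical helper; assumes no stray colons inside string literals."""
    attrs: Dict[str, str] = {}
    position = 0

    def bind(match) -> str:
        nonlocal position
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for placeholder :{name}")
        position += 1
        attrs[f"sql.args.{position}.value"] = values[name]
        attrs[f"sql.args.{position}.type"] = str(JDBC_VARCHAR)
        return "?"

    return _PLACEHOLDER.sub(bind, query), attrs


def params_from_attrs(attrs: Dict[str, str]) -> List[str]:
    """Collect sql.args.N.value in numeric order, the way the processor binds them."""
    count = sum(1 for key in attrs if key.endswith(".value"))
    return [attrs[f"sql.args.{i}.value"] for i in range(1, count + 1)]


def fresh_db() -> sqlite3.Connection:
    """In-memory stand-in for the real database; constructed for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (host TEXT, command_line TEXT, raw_copy TEXT)")
    return conn


def run_interpolated() -> str:
    """Returns 'ok' or the syntax error the unescaped quote provokes."""
    conn = fresh_db()
    try:
        conn.execute(interpolated_query(HOST, COMMAND_LINE))
        return "ok"
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


def run_parameterized() -> Tuple[str, str, str]:
    """Binds the same value through placeholders and reads the stored row back."""
    conn = fresh_db()
    positional, attrs = named_to_positional(
        NAMED_QUERY, {"host": HOST, "command_line": COMMAND_LINE}
    )
    conn.execute(positional, params_from_attrs(attrs))
    return conn.execute("SELECT host, command_line, raw_copy FROM events").fetchone()


if __name__ == "__main__":
    print(run_interpolated())
    print(named_to_positional(NAMED_QUERY, {"host": HOST, "command_line": COMMAND_LINE}))
    print(run_parameterized())
```

The interpolated insert fails at the `'AllSigned'` token exactly as the PostgreSQL error in the message does, while the bound version stores the command line byte-for-byte with no escaping logic at all; the driver, not the query text, carries the value. In a NiFi flow the `attrs` dict corresponds to the attributes an UpdateAttribute (or a small script) would set ahead of ExecuteSQL.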
I’m encountering issues when using the ExecuteSQL processor in Apache NiFi to run SQL queries that include dynamic values from FlowFile attributes. Specifically, when I use Expression Language to inject attributes like ${ParsedLogData.commandLine} into the query directly, the query fails whenever the value includes problematic characters — such as single quotes ('), double quotes, or backslashes. Example error (PostgreSQL): ERROR: syntax error at or near "AllSigned" This stems from FlowFile attributes that contain shell command syntax or PowerShell scripts, which naturally include characters that break SQL parsing unless properly escaped. While I know I can work around this using replaceAll("'", "''"), it becomes messy and hard to maintain. I’m aware of the ability to use ? placeholders and sql.args.N.value/type attributes, and I’ve used that successfully for individual fields. However, this approach becomes difficult when dealing with queries that have 10+ fields — some of which repeat — and across multiple processors or flows. My questions: Is there a more efficient way to handle escaping of special characters in SQL queries in NiFi without manually escaping each field? Are there plans to allow named parameter mapping (e.g., sql.args.command_line) instead of strict numeric indexing? I’d really appreciate your guidance on best practices for making ExecuteSQL safer and easier to manage in complex flows. I’m looking for any practical suggestions, workarounds, or upcoming features that could help streamline this process. Thank you for your support . Best regards, Eran izhak