SQL
Perform SQL queries using the SQL built-in.
Query
typescriptCopied1export default airplane.task(2{3slug: "find_user_by_name",4// Attach SQL resource to task5resources: ["my_sql_db"],6parameters: { name: "shorttext" },7},8async (params) => {9const run = await airplane.sql.query<{ id: string; name: string; email: string }>(10// The slug of the SQL resource to query11"my_sql_db",12// SQL query to execute13"select * from users where name ilike :name",14// Query arguments15{ args: { name: `%${params.name}%` } }16);17return run.output.Q1;18}19);
To protect against SQL injection, it is heavily encouraged that all user-provided input is passed as
a query argument. Each query argument has a unique identifier that can be referenced from the query
by prepending the identifier with a semicolon. For example, the following query has a query arg
identified by
name:sqlCopied1-- Query2select * from users3where name ilike :name;4-- Query Args5{ "name": "%colin%" }
API
javascriptCopied1export default airplane.task(2{3slug: "find_user_by_name",4// Attach SQL resource to task5resources: ["my_sql_db"],6parameters: { name: "shorttext" },7},8async (params) => {9const run = await airplane.sql.query(10// The slug of the SQL resource to query11"my_sql_db",12// SQL query to execute13"select * from users where name ilike :name",14// Query arguments15{ args: { name: `%${params.name}%` } }16);17return run.output.Q1;18}19);
To protect against SQL injection, it is heavily encouraged that all user-provided input is passed as
a query argument. Each query argument has a unique identifier that can be referenced from the query
by prepending the identifier with a semicolon. For example, the following query has a query arg
identified by
name:sqlCopied1-- Query2select * from users3where name ilike :name;4-- Query Args5{ "name": "%colin%" }
API
pythonCopied1import airplane23@airplane.task(4resources=[5# Attach SQL resource to task6airplane.Resource("my_sql_db"),7]8)9def find_user_by_name(name: str):10run = airplane.sql.query(11# The slug of the SQL resource to query12sql_resource="my_sql_db",13# SQL query to execute14query="select * from users where name ilike :name",15# Query arguments16query_args={"name": f"%{name}%"},17)18return run.output["Q1"]
To protect against SQL injection, it is heavily encouraged that all user-provided input is passed as
a query argument. Each query argument has a unique identifier that can be referenced from the query
by prepending the identifier with a semicolon. For example, the following query has a query arg
identified by
name:sqlCopied1-- Query2select * from users3where name ilike :name;4-- Query Args5{ "name": "%colin%" }
API