问题
Current code Example:
Scan * from table_name where name='ajith' and lastname='gupta';
In the real scenario, I will be getting different values. I need to pass those here in this above query and get the output. Also, it's better to prevent data injection.
Desired:
Scan * from table_name where name=? and lastname=?;
回答1:
Use the Expression Attribute Names and Expression Attribute Values parameters.
Javascript example using the DocumentClient:
let params = {
TableName: 'table_name',
KeyConditionExpression: '#lname = :lname and #name = :name',
ExpressionAttributeNames: {
'#name': 'name',
'#lname': 'lastname'
},
ExpressionAttributeValues: {
':name': 'ajith',
':lname': 'qupta',
}
}
dynamodbDocumentClient.query(params).promise().then(result => {
// soSomethingWithTheResultHere
})
This example assumes you have a table with partition and sort key of called name and lastname
See https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html for more information about queries.
来源:https://stackoverflow.com/questions/54037452/how-can-i-dynamically-substitute-where-condition-parameters-in-dynamodb