SQL Query Parameters

Is there a way to safely use unsanitized data in a SQL query within the “Import from database” or similar steps?

I need to parameterize a SELECT statement using user-provided data and I can’t see a way to do this without there being the possibility of a SQL injection attack.

You can use the built-in parameter validation rules to validate user-provided data. For instance:

  • Restrict data type
  • Restrict value length (if text)
  • Restrict value range (if number)
  • Whitelist a particular subset of characters
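
The four restrictions listed in the answer above, as an added example that is not part of the original thread or the product's own validation engine: a Python sketch that checks type, length, range and allowed characters before the value reaches the query. The rule set, table, column and parameter names are hypothetical, sqlite3 stands in for the target database, and the `?` placeholders assume the driver supports bound parameters.

```python
import re
import sqlite3

# Hypothetical rule set mirroring the four restrictions in the answer.
RULES = {
    "customer_name": {"type": str, "max_len": 32,
                      "allowed": re.compile(r"[A-Za-z0-9 ]+")},
    "min_total": {"type": int, "min": 0, "max": 1_000_000},
}

def validate(name, raw):
    """Return the typed value if the text `raw` passes every rule, else raise ValueError."""
    rule = RULES[name]
    if rule["type"] is int:
        # Restrict data type: optional sign plus ASCII digits only.
        if not re.fullmatch(r"-?[0-9]{1,18}", raw):
            raise ValueError(f"{name}: not an integer")
        value = int(raw)
        # Restrict value range.
        if not rule["min"] <= value <= rule["max"]:
            raise ValueError(f"{name}: out of range")
        return value
    # Restrict value length.
    if len(raw) > rule["max_len"]:
        raise ValueError(f"{name}: too long")
    # Whitelist a subset of characters; quotes and semicolons are not in it.
    if not rule["allowed"].fullmatch(raw):
        raise ValueError(f"{name}: disallowed character")
    return raw

def find_orders(conn, raw_name, raw_min_total):
    # Validate first, then bind; the SQL text never contains user data.
    name = validate("customer_name", raw_name)
    min_total = validate("min_total", raw_min_total)
    cur = conn.execute(
        "SELECT id FROM orders WHERE customer = ? AND total >= ? ORDER BY id",
        (name, min_total))
    return [row[0] for row in cur]

def demo_db():
    # Constructed sample data, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total INTEGER)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "Acme Ltd", 500), (2, "Acme Ltd", 20), (3, "Globex", 900)])
    return conn

if __name__ == "__main__":
    print(find_orders(demo_db(), "Acme Ltd", "100"))
```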