Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 3.4.0
- None
Description
The parameterized query code does not block DDL statements from referencing parameter markers.
E.g. a
scala> spark.sql(sqlText = "CREATE VIEW v1 AS SELECT current_timestamp() + :later as stamp, :x * :x AS square", args = Map("later" -> "INTERVAL'3' HOUR", "x" -> "15.0")).show()
++
||
++
++
It appears we have some protection that fails us when the view is invoked:
scala> spark.sql(sqlText = "SELECT * FROM v1", args = Map("later" -> "INTERVAL'3' HOUR", "x" -> "15.0")).show()
org.apache.spark.sql.AnalysisException: [UNBOUND_SQL_PARAMETER] Found the unbound parameter: `later`. Please, fix `args` and provide a mapping of the parameter to a SQL literal.; line 1 pos 29
Right now I think affected are:
- DEFAULT definition
- VIEW definition
but any other future standard expression popping up is at risk, such as SQL Functions, or GENERATED COLUMN.
CREATE TABLE AS is debatable, since it executes the query at definition only.
For simplicity I propose to block the feature from ANY DDL statement (CREATE, ALTER).
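The following is an added example, not code from this issue or from Spark: a caller-side pre-check that rejects named parameter markers in CREATE and ALTER statements before the text reaches `spark.sql`, as the proposal above describes. The function names and the exception class are hypothetical, and the tokenizer is a simplified approximation of Spark SQL lexing.

```python
import re

# Skip string literals, quoted identifiers and comments; capture :name markers.
_TOKEN = re.compile(r"""
    '(?:[^'\\]|\\.|'')*'        # single-quoted string literal
  | "(?:[^"\\]|\\.|"")*"        # double-quoted string literal
  | `(?:[^`]|``)*`              # backtick-quoted identifier
  | --[^\n]*                    # line comment
  | /\*.*?\*/                   # block comment
  | ::                          # double colon, not a parameter marker
  | :(?P<name>[A-Za-z_]\w*)     # named parameter marker, e.g. :later
""", re.VERBOSE | re.DOTALL)

# Leading whitespace and comments, then the first keyword of the statement.
_LEADING = re.compile(r"(?:\s+|--[^\n]*|/\*.*?\*/)*(?P<kw>[A-Za-z]+)?", re.DOTALL)


class ParameterizedDdlError(ValueError):
    """Hypothetical error type: a DDL statement references a parameter marker."""


def parameter_markers(sql_text):
    """Return marker names found outside literals, identifiers and comments."""
    return [m.group("name") for m in _TOKEN.finditer(sql_text) if m.group("name")]


def is_ddl(sql_text):
    """True when the first keyword is CREATE or ALTER."""
    kw = _LEADING.match(sql_text).group("kw")
    return bool(kw) and kw.upper() in {"CREATE", "ALTER"}


def check_parameterized_sql(sql_text):
    """Raise if a DDL statement uses markers; otherwise return the marker names."""
    markers = parameter_markers(sql_text)
    if markers and is_ddl(sql_text):
        raise ParameterizedDdlError(
            "parameter markers %s are not allowed in DDL" % sorted(set(markers)))
    return markers


if __name__ == "__main__":
    # Statement taken from the issue description above.
    view = ("CREATE VIEW v1 AS SELECT current_timestamp() + :later as stamp, "
            ":x * :x AS square")
    try:
        check_parameterized_sql(view)
    except ParameterizedDdlError as err:
        print("rejected:", err)
```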