How to use parameterized SQL with dplyr?

Question

How to use parameterized SQL with dplyr?

I am trying to execute a SQL query with dplyr on SQL Server:

tbl(con, sql(sqlQuery))

The request is generated dynamically with sprintf("SELECT ... WHERE a = '%s'). This is bad practice because it can be used for SQL injection, but I cannot find any documentation or a working example for parameterized queries in dplyr. Can this be done, how?

Connection ( con) uses the DBI, the odbc library, and the ODBC driver {SQL Server Native Client 11.0}:

con <- DBI::dbConnect(odbc::odbc(),
                      Driver = "{SQL Server Native Client 11.0}",

+4

r r-dbi dplyr parameterized-query

ckarras Aug 21 '17 at 19:27

source share

1 answer

Seth Raithel · Answer 1 · 2017-11-14T14:56:21+0000

, , WHERE, R, dplyr-.

my_param <- "FILTER_VALUE" #create param
my_table <- tbl(con, "TABLE_NAME") #create ref tibble
my_table <- my_table %>% filter( a == my_param ) # filter by param
my_table <- my_table %>% collect() # execute query

, R, filter mutate.

How to use parameterized SQL with dplyr?

More articles: