
SOL-C01 Question #295: Real Exam Question with Answer & Explanation

The correct answer is B: Use Snowflake's built-in parameterization feature within the SQL cell.

Querying and Performance

Question

You are developing a Snowflake Notebook to analyze sales data. You want to create a dynamic SQL query that filters data based on a parameter passed from a user interface element (e.g., a dropdown). How can you best achieve this within a Snowflake Notebook, ensuring SQL injection vulnerabilities are mitigated?

Options

  • A. Directly concatenate the parameter value into the SQL query string using Python string formatting.
  • B. Use Snowflake's built-in parameterization feature within the SQL cell. For example: ```sql SELECT
  • C. Use the `snowflake.connector` library to create a prepared statement with parameterized query
  • D. Store the parameter in a Snowflake session variable and reference the session variable in the SQL
  • E. Use a JavaScript stored procedure to generate the SQL string and execute the query.

Explanation

Options B and C are the most secure and recommended approaches. Option B leverages Snowflake Notebook's built-in parameterization, which handles escaping and prevents SQL injection. Option C uses the `snowflake.connector` library to achieve a similar result. Option A is highly susceptible to SQL injection. Option D is less suitable for dynamic parameters from a UI. Option E increases the complexity significantly and doesn't directly address parameterization within the notebook environment.

Topics

#Dynamic SQL, #Parameterization, #SQL Injection Mitigation, #Snowflake Notebooks
