How to prevent query injection on Google Big Query

粉色の甜心 2020-12-19 01:01

I'm writing some Google Big-query dynamic reporting utilities to our website, that will allow users to select a parameter to be replaced in the query. Given th

2 answers
  •  粉色の甜心
    2020-12-19 01:21

    Check "Defense Option 3: Escaping All User Supplied Input" in OWASP:

    https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_3:_Escaping_All_User_Supplied_Input

    UPDATE: Parametrized queries are an option now

    • https://cloud.google.com/bigquery/docs/parameterized-queries
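
An added example, not part of the answer above and not Google's code: building the body of a BigQuery `jobs.query` REST request with named parameters, using only the Python standard library. The table name, column allowlist and function names are assumptions; because query parameters cannot replace identifiers such as column names, the user-selected column is checked against an allowlist instead.

```python
import json

# Hypothetical report definition: the only columns a user may group by.
ALLOWED_GROUP_COLUMNS = {"country", "device", "campaign"}
# Hypothetical table name, fixed in code and never taken from the user.
TABLE = "`my-project.analytics.events`"


def _param(name, type_name, value):
    """One entry of the request's queryParameters list."""
    return {
        "name": name,
        "parameterType": {"type": type_name},
        "parameterValue": {"value": value},
    }


def build_query_request(group_by, min_date, country):
    """Return a jobs.query request body for one report run."""
    # Query parameters cannot stand in for identifiers, so the column
    # name is checked against a fixed allowlist before it enters the SQL.
    if group_by not in ALLOWED_GROUP_COLUMNS:
        raise ValueError("unsupported group-by column: %r" % (group_by,))
    sql = (
        "SELECT {col}, COUNT(*) AS n FROM {table} "
        "WHERE event_date >= @min_date AND country = @country "
        "GROUP BY {col}"
    ).format(col=group_by, table=TABLE)
    # Values travel separately from the SQL text as typed parameters.
    return {
        "query": sql,
        "useLegacySql": False,  # parameters require standard SQL
        "parameterMode": "NAMED",
        "queryParameters": [
            _param("min_date", "DATE", min_date),
            _param("country", "STRING", country),
        ],
    }


if __name__ == "__main__":
    # Constructed input: a value carrying SQL syntax stays a string value.
    body = build_query_request("device", "2020-12-01", "DE' OR '1'='1")
    print(json.dumps(body, indent=2))
```

The SQL text contains only the `@min_date` and `@country` placeholders, so whatever the user types for those fields is compared as a value and is never parsed as SQL.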
