Parameterized queries

anshulchaintha7 · March 6, 2024, 4:39pm

does neo4j allows parameterized value for the label?
query = ( "CREATE (n: $node_type {ID: $id_value, Type: $node_type, Name: $name, Parent: $parent, Child: $child, Role: $role})" )

I am using python language
Thanks.

dana_canzano · March 6, 2024, 6:44pm

@anshulchaintha7

as from the Neo4j v5 documentation, but also applicable for prior versions,

Parameters cannot be used for the following constructs, as these form part of the query structure that is compiled into a query plan:

property keys; so MATCH (n) WHERE n.$param = 'something' is invalid

relationship types; so MATCH (n)-[:$param]→(m) is invalid

labels; so MATCH (n:$param) is invalid

Parameters may consist of letters and numbers, and any combination of these, but cannot start with a number or a currency symbol.

anshulchaintha7 · March 7, 2024, 5:45am

Thanks @dana_canzano.
I checked this query, this is working.
query = (
"CREATE (n:" + node_type + " {ID: $id_value, Name: $name, Parent: $parent, Child: $child, Role: $role})"
)

john.stegeman · March 7, 2024, 2:29pm

... just remember that string concatenation like this is how injection attacks start. Make sure you validate node_type if it is something a user can provide

anshulchaintha7 · March 7, 2024, 2:49pm

Thank you @john.stegeman

Topic		Replies	Views
Id's parametrizable? Sources for Answer "Yes" and for "No" Graph Academy & Certifications	4	115	May 8, 2024
Dynamically filling in label in a query gives an error Go	2	466	January 18, 2022
Use parameter :param with label and/or key? Neo4j Graph Platform cypher	4	364	December 22, 2020
Java driver session run query with errors Java cypher	3	613	February 12, 2023
Is searching/updating/creating nodes and relationship labels and parameters via string construction in n4j-bolt/py2neo unsafe? Python cypher	0	608	February 5, 2020

Demystifying Neo4j UX Research

Parameterized queries

Related topics