From 8df757b280c8e17a8b70dce6f6249f34cb540791 Mon Sep 17 00:00:00 2001 From: Huan Chen <142538604+Genesis929@users.noreply.github.com> Date: Fri, 23 May 2025 10:54:05 -0700 Subject: [PATCH] docs: add note for bigquery parameter replacement introduction. (#589) For issue https://github.com/googleapis/genai-toolbox/issues/566 --------- Co-authored-by: Yuan <45984206+Yuan325@users.noreply.github.com> Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com> --- docs/en/resources/tools/bigquery-sql.md | 2 ++ docs/en/samples/bigquery/colab_quickstart_bigquery.ipynb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/en/resources/tools/bigquery-sql.md b/docs/en/resources/tools/bigquery-sql.md index b3f0ac0972..ea495a1ba7 100644 --- a/docs/en/resources/tools/bigquery-sql.md +++ b/docs/en/resources/tools/bigquery-sql.md @@ -20,6 +20,8 @@ parameters can be inserted into the query. BigQuery supports both named paramete (e.g., `@name`) and positional parameters (`?`), but they cannot be mixed in the same query. +> **Note:** This tool uses [parameterized queries](https://cloud.google.com/bigquery/docs/parameterized-queries) to prevent SQL injections. Query parameters can be used as substitutes for arbitrary expressions. Parameters cannot be used as substitutes for identifiers, column names, table names, or other parts of the query. + [bigquery-googlesql]: https://cloud.google.com/bigquery/docs/reference/standard-sql/ ## Example diff --git a/docs/en/samples/bigquery/colab_quickstart_bigquery.ipynb b/docs/en/samples/bigquery/colab_quickstart_bigquery.ipynb index dfe738e970..c9ae464299 100644 --- a/docs/en/samples/bigquery/colab_quickstart_bigquery.ipynb +++ b/docs/en/samples/bigquery/colab_quickstart_bigquery.ipynb 
@@ -493,7 +493,7 @@ "from langgraph.checkpoint.memory import MemorySaver\n", "\n", "from toolbox_langchain import ToolboxClient\n", - "import pprint\n", + "\n", "prompt = \"\"\"\n", " You're a helpful hotel assistant. You handle hotel searching, booking and\n", " cancellations. When the user searches for a hotel, mention it's name, id,\n",
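Review bot: In the added note in docs/en/resources/tools/bigquery-sql.md, "to prevent SQL injections" reads as an unconditional guarantee, while the next two sentences limit parameters to expression positions. The note should say that the protection covers only values passed as parameters. It should also tell readers what to do when a table or column name has to vary, since building those into the statement string is exactly the case the note leaves open. Separately, "identifiers, column names, table names" is redundant because column and table names are identifiers; "identifiers (such as column or table names)" would be clearer.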
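Review bot: In the colab_quickstart_bigquery.ipynb hunk, the removal of "import pprint\n" is not mentioned in the commit subject, which only covers the parameter replacement note. The hunk shows only the import block and the start of the prompt string, so it cannot confirm that no later line in the cell or notebook still calls pprint. Please verify that before merging and mention the cleanup in the commit message, or split it into its own change.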