Right now, we don't have a way to pass variables and data outside of the string. This can cause some security concerns in downstream applications, plus it means variable interpolation is required, which can be annoying and troublesome.
The rough idea would be to support the `?` notation, and pass data variables out of band from the query itself.
For those concerned about security for now, we recommend using the stable AST query language if there is any general fear, as it makes variable inter-placement much more secure.
/cc Russell Mull does this sound about right?
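An added example, not part of the original issue or the project's code, contrasting a value interpolated into query text with the same value carried as data in an AST or bound to a placeholder out of band. The string syntax, the nested-list AST shape, the `PLACEHOLDER` marker and the `bind` helper are assumptions made for illustration.

```python
import json

PLACEHOLDER = object()  # hypothetical stand-in for a "?" marker in a query


def interpolated(certname):
    # Value spliced into query text: any quote in it is parsed as syntax.
    return 'nodes { certname = "%s" }' % certname


def as_ast(certname):
    # Value is one leaf of the structure; json.dumps escapes it as data.
    return json.dumps(["from", "nodes", ["=", "certname", certname]])


def bind(template, params):
    """Fill PLACEHOLDER leaves with params, in order, leaving structure alone."""
    remaining = list(params)

    def walk(node):
        if node is PLACEHOLDER:
            if not remaining:
                raise ValueError("more placeholders than parameters")
            return remaining.pop(0)
        if isinstance(node, list):
            return [walk(child) for child in node]
        return node

    bound = walk(template)
    if remaining:
        raise ValueError("more parameters than placeholders")
    return bound


# Constructed sample value containing a quote character.
SAMPLE = 'web01" or certname = "db01'

if __name__ == "__main__":
    # Interpolation: two comparisons appear where one was intended.
    print(interpolated(SAMPLE))
    # AST: still a single comparison, with the quote escaped inside the value.
    print(as_ast(SAMPLE))
    # Out-of-band binding: the value fills exactly one leaf.
    template = ["from", "nodes", ["=", "certname", PLACEHOLDER]]
    print(json.dumps(bind(template, [SAMPLE])))
```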