When using a regular fiter metabase injects the value as a value in the prepared statement.
like :
select * from products where price = {{price}};
will generate the prepared statement :
select * from products where price = $1
and will set the prepared statement’s parameter $1 = 1258 for example
but for field filter there is an sql fragment injection that brings no value except of restricting the use cases and provocking sql errors, it generates the query :
select * from products where price = "public"."products"."price" = $1
and set the parameter $1 = 1258
so I’m forced to rewrite my metabase query to :
select * from "public"."products" where {{price}};
Then the sql fragment injection works.
But this is absolutely nonsense !
Why would you need to generate an sql fragment in the first place ? Please just give me only the values in the prepared statement parameters like you do with the regular fields and it will work way better and work with aliases too if I want.
There are countless other similar issues regarding syntax errors and limitations using field filters and no real solution to this issue. I really don’t understand why you are generating such an sql fragment. At least give an option to not generate it and only bind the values.
on the first post: