Adds bound parameters for enhanced security

[fgheorghe]

• Introduces bound parameter support by adding an optional second parameter to method query(), named 'queryParams' of type array, or .queryParams optional 'query' object key of the same type.
• Updates documentation to reflect the availability of bound parameters

Examples:
await athenaExpress.query('SELECT * FROM movies WHERE movie_title = ?', ['Spider-Man']);
await athenaExpress
.query({ sql: 'SELECT * FROM movies WHERE movie_title = ?', queryParams: ['Spider-Man']});

[coveralls]

Pull Request Test Coverage Report for Build 100

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 100.0%

---

Totals
Change from base Build 91:	0.0%
Covered Lines:	3
Relevant Lines:	3

---

💛 - Coveralls

[mdesousa]

Hi, I was wondering about the status of this PR? Support for bound parameters is an important security feature... thanks!

[fgheorghe]

Hi @mdesousa - waiting for it to be merged as indeed it is useful!

[jhkueh]

Thanks for your wonderful work in creating this library, @ghdna.
Is there anything stopping this PR from being merged?
This is a critical security feature.

[ghdna]

ok, let me look into this one next.

[fgheorghe]

sorry - it's been a while, i can look into updating the code and resolve merge conflicts at some point soon to make it easier for @ghdna

[fgheorghe]

PR updated to bring it in line with master @ghdna
Please review

[lsharples1]

Wondering the status on this? Came across this PR 3 years later as I was looking for this feature. Still relevant, please merge if possible!

[pierre-marieb]

What is the PR status? Athena supports parameterized queries already so it would be really nice to have that integrated in athena-express.

[fgheorghe]

I suspect this project is abandoned, and considering it doesn't properly escape parameters I'd say it's not secure enough to use. One option is to use code from my PR:
https://github.com/fgheorghe/athena-express/tree/master

[pierre-marieb]

That's too bad... we went the direction of integrating sqlstring the same way that you did but it would have been nice to have that PR officially merged.

But if it's no longer maintained we might have to go back to using the regular AWS SDK I guess

[ghdna]

Its maintained. The PR has conflicts. Once they are resolved, I can merge it

[fgheorghe]

Conflicts have been resolved a year ago, and since then new conflicts have been introduced. I can not re-issue a fix as I don't have time for it.