# Using Variables in your Custom Query

### Overview

Neurelo custom queries support variables, so values can be passed to your queries at run time. Here is how to add a variable:

```sql
SELECT * FROM "User" where id = {{ id }}
```

In the above query, `{{ id }}` is a variable: the caller must pass a value for `id` when calling the endpoint at run time.

{% hint style="info" %}
When you add a variable to a custom query, remember to specify the data type for the variable.
{% endhint %}

<figure><img src="https://3406482452-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvzFLT4zSSU6J1uzbt5OF%2Fuploads%2Fe9nLfAU9pTV6UJjpwIGE%2FScreenshot%202024-01-11%20at%203.19.27%E2%80%AFPM.png?alt=media&#x26;token=e79e3e54-8215-48f1-9fac-01747c9517ae" alt=""><figcaption></figcaption></figure>

### Accessing custom query API endpoints with variables

Once you have a custom query with variables saved and deployed, how you pass values to it depends on the `HTTP Method` defined in the custom query:

* GET & DELETE methods will use the query string params to pass the values for the variables in the request URL. e.g.

  `${API_URL}/custom/query?id=1`
* POST, PATCH & PUT methods will use values for the variables specified in the request body, assuming the body is valid JSON:

```json
{
  "id": 1,
  "anotherParameter": "Here"
}
```

### Important considerations

* Variables do not need to be wrapped in single or double quotes for string data types, as we handle the parsing in our back end.

```sql
-- Wrong
SELECT * FROM "Users" where id = '{{ id }}'

-- Correct
SELECT * FROM "Users" where id = {{ id }}
```

* SQL Queries run as [Parametrized Queries](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html), meaning queries are protected from SQL Injection.
* Supported variable types are:
  * Int
  * String
  * Array
  * Boolean
  * Float
* The purpose of a `List` variable is to provide a list of values to be **spread** as the individual elements of an array for use in an `IN` clause in SQL, so that your queries can look like this:

```sql
SELECT * FROM users WHERE id IN {{ ids }}

-- Can turn into
SELECT * FROM users where id IN ($id1, $id2, ...)
```
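The considerations above (unquoted variables, parameter binding, list spreading) can be seen together in a small sketch. This is an added example, not Neurelo's implementation: the `bind` and `run` helpers are hypothetical, the table rows and the hostile input are constructed, and SQLite's `?` placeholders stand in for the `$id1`-style parameters shown above.

```python
import re
import sqlite3

VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def bind(template, variables):
    """Hypothetical helper: turn a {{ var }} template into (sql, params)."""
    params = []

    def repl(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"missing variable: {name}")
        value = variables[name]
        if isinstance(value, (list, tuple)):
            if not value:  # "IN ()" is invalid in most SQL dialects
                raise ValueError(f"empty list for variable: {name}")
            params.extend(value)  # spread: one placeholder per element
            return "(" + ", ".join("?" for _ in value) + ")"
        params.append(value)  # the value never enters the SQL text
        return "?"

    return VAR.sub(repl, template), params

def run(conn, template, variables):
    sql, params = bind(template, variables)
    return conn.execute(sql, params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "User" (id INTEGER, name TEXT)')
    conn.executemany('INSERT INTO "User" VALUES (?, ?)',
                     [(1, "ada"), (2, "bob"), (3, "eve")])
    by_name = 'SELECT id FROM "User" WHERE name = {{ name }}'
    by_ids = 'SELECT name FROM "User" WHERE id IN {{ ids }} ORDER BY id'
    quoted = "SELECT id FROM \"User\" WHERE name = '{{ name }}'"
    try:
        # In this sketch, quoting turns the placeholder into the literal '?',
        # so the bound value has nowhere to go and the driver rejects the call.
        run(conn, quoted, {"name": "ada"})
        quoted_result = "ran"
    except sqlite3.ProgrammingError:
        quoted_result = "rejected"
    return {
        "normal": run(conn, by_name, {"name": "ada"}),
        # Constructed hostile input: bound as data, so it matches no row.
        "hostile": run(conn, by_name, {"name": "x' OR '1'='1"}),
        "spread": run(conn, by_ids, {"ids": [1, 3]}),
        "spread_sql": bind(by_ids, {"ids": [1, 3]})[0],
        "quoted": quoted_result,
    }
```
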
