{"id": "sql_queries:canned-queries-magic-parameters", "page": "sql_queries", "ref": "canned-queries-magic-parameters", "title": "Magic parameters", "content": "Named parameters that start with an underscore are special: they can be used to automatically add values created by Datasette that are not contained in the incoming form fields or query string. \n                 These magic parameters are only supported for canned queries: to avoid security issues (such as queries that extract the user's private cookies) they are not available to SQL that is executed by the user as a custom SQL query. \n                 Available magic parameters are: \n                 \n                     \n                         _actor_*  - e.g.  _actor_id ,  _actor_name \n                         \n                             Fields from the currently authenticated  Actors . \n                         \n                     \n                     \n                         _header_*  - e.g.  _header_user_agent \n                         \n                             Header from the incoming HTTP request. The key should be in lower case and with hyphens converted to underscores e.g.  _header_user_agent  or  _header_accept_language . \n                         \n                     \n                     \n                         _cookie_*  - e.g.  _cookie_lang \n                         \n                             The value of the incoming cookie of that name. \n                         \n                     \n                     \n                         _now_epoch \n                         \n                             The number of seconds since the Unix epoch. \n                         \n                     \n                     \n                         _now_date_utc \n                         \n                             The date in UTC, e.g.  2020-06-01 \n                         \n                     \n                     \n                         _now_datetime_utc \n                         \n                             The ISO 8601 datetime in UTC, e.g.  2020-06-24T18:01:07Z \n                         \n                     \n                     \n                         _random_chars_*  - e.g.  _random_chars_128 \n                         \n                             A random string of characters of the specified length. \n                         \n                     \n                 \n                 Here's an example configuration that adds a message from the authenticated user, storing various pieces of additional metadata using magic parameters: \n                 [[[cog\nconfig_example(cog, \"\"\"\ndatabases:\n  mydatabase:\n    queries:\n      add_message:\n        allow:\n          id: \"*\"\n        sql: |-\n          INSERT INTO messages (\n            user_id, message, datetime\n          ) VALUES (\n            :_actor_id, :message, :_now_datetime_utc\n          )\n        write: true\n\"\"\") \n                 ]]] \n                 [[[end]]] \n                 The form presented at  /mydatabase/add_message  will have just a field for  message  - the other parameters will be populated by the magic parameter mechanism. \n                 Additional custom magic parameters can be added by plugins using the  register_magic_parameters(datasette)  hook.", "breadcrumbs": "[\"Running SQL queries\", \"Canned queries\"]", "references": "[]"}