pub const DB_QUERY_TEXT: &str = "db.query.text";
The database query being executed.
For sanitization, see Sanitization of db.query.text.
For batch operations, if the individual operations are known to have the same query text, then that query text SHOULD be used; otherwise all of the individual query texts SHOULD be concatenated with separator `;` or some other database system specific separator if more applicable.
Even though parameterized query text can potentially have sensitive data, by using a parameterized query the user is giving a strong signal that any sensitive data will be passed as parameter values, and the benefit to observability of capturing the static part of the query text by default outweighs the risk.
Examples

- `SELECT * FROM wuser_table where username = ?`
- `SET mykey "WuValue"`
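The batch rule and the sanitization note above, as an added example that is not code from the opentelemetry crates. `sanitize_literals` and `batch_query_text` are hypothetical helpers, and the sanitizer is a deliberately simple assumption (string and numeric literals become `?`), since this page only links to the sanitization rules.

```rust
// Added example; not code from the opentelemetry crates.
pub const DB_QUERY_TEXT: &str = "db.query.text"; // value of the documented constant

/// Hypothetical, simplified sanitizer: replaces single-quoted string literals
/// and standalone numeric literals with `?`.
pub fn sanitize_literals(query: &str) -> String {
    let mut out = String::with_capacity(query.len());
    let mut chars = query.chars().peekable();
    let mut in_ident = false; // previous char belonged to an identifier
    while let Some(c) = chars.next() {
        if c == '\'' {
            // Skip to the closing quote; '' inside a literal is an escaped quote.
            while let Some(d) = chars.next() {
                if d == '\'' && chars.next_if_eq(&'\'').is_none() {
                    break;
                }
            }
            out.push('?');
            in_ident = false;
        } else if c.is_ascii_digit() && !in_ident {
            // Skip the rest of the number (digits and decimal point).
            while chars.next_if(|d| d.is_ascii_digit() || *d == '.').is_some() {}
            out.push('?');
        } else {
            in_ident = c.is_alphanumeric() || c == '_';
            out.push(c);
        }
    }
    out
}

/// Batch rule: one shared text when every operation has the same text, otherwise all
/// texts joined with `;`. Sanitizing before comparing is a choice of this example.
pub fn batch_query_text(queries: &[&str], parameterized: bool) -> Option<String> {
    let texts: Vec<String> = queries.iter()
        .map(|q| if parameterized { q.trim().to_string() } else { sanitize_literals(q.trim()) })
        .collect();
    let first = texts.first()?;
    if texts.iter().all(|t| t == first) {
        return Some(first.clone());
    }
    Some(texts.join(";"))
}

fn main() {
    // Constructed sample batch of non-parameterized statements.
    let batch = ["INSERT INTO t1 VALUES ('alice', 30)", "DELETE FROM t1 WHERE id = 7"];
    println!("{} = {:?}", DB_QUERY_TEXT, batch_query_text(&batch, false));
}
```

Parameterized texts are passed through unchanged, matching the default described above; only non-parameterized texts go through the literal replacement before being recorded.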