home-assistant · emontnemery · Nov 6, 2025 · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025
@@ -49,7 +49,9 @@
     {
         vol.Required(CONF_COLUMN_NAME): cv.string,
         vol.Required(CONF_NAME): cv.template,
-        vol.Required(CONF_QUERY): vol.All(cv.string, validate_sql_select),
+        vol.Required(CONF_QUERY): vol.All(
+            cv.template, ValueTemplate.from_template, validate_sql_select
+        ),
         vol.Optional(CONF_UNIT_OF_MEASUREMENT): cv.string,
         vol.Optional(CONF_VALUE_TEMPLATE): vol.All(
             cv.template, ValueTemplate.from_template

@@ -9,8 +9,6 @@
 from sqlalchemy.engine import Engine, Result
 from sqlalchemy.exc import MultipleResultsFound, NoSuchColumnError, SQLAlchemyError
 from sqlalchemy.orm import Session, scoped_session, sessionmaker
-import sqlparse
-from sqlparse.exceptions import SQLParseError
 import voluptuous as vol
 
 from homeassistant.components.recorder import CONF_DB_URL, get_instance
@@ -31,21 +29,28 @@
     CONF_UNIT_OF_MEASUREMENT,
     CONF_VALUE_TEMPLATE,
 )
-from homeassistant.core import callback
+from homeassistant.core import async_get_hass, callback
 from homeassistant.data_entry_flow import section
+from homeassistant.exceptions import TemplateError
 from homeassistant.helpers import selector
 
 from .const import CONF_ADVANCED_OPTIONS, CONF_COLUMN_NAME, CONF_QUERY, DOMAIN
-from .util import resolve_db_url
+from .util import (
+    EmptyQueryError,
+    InvalidSqlQuery,
+    MultipleQueryError,
+    NotSelectQueryError,
+    UnknownQueryTypeError,
+    check_and_render_sql_query,
+    resolve_db_url,
+)
 
 _LOGGER = logging.getLogger(__name__)
 
 
 OPTIONS_SCHEMA: vol.Schema = vol.Schema(
     {
-        vol.Required(CONF_QUERY): selector.TextSelector(
-            selector.TextSelectorConfig(multiline=True)
-        ),
+        vol.Required(CONF_QUERY): selector.TemplateSelector(),
         vol.Required(CONF_COLUMN_NAME): selector.TextSelector(),
         vol.Required(CONF_ADVANCED_OPTIONS): section(
             vol.Schema(
@@ -89,14 +94,12 @@
 
 def validate_sql_select(value: str) -> str:
     """Validate that value is a SQL SELECT query."""
-    if len(query := sqlparse.parse(value.lstrip().lstrip(";"))) > 1:
-        raise MultipleResultsFound
-    if len(query) == 0 or (query_type := query[0].get_type()) == "UNKNOWN":
-        raise ValueError
-    if query_type != "SELECT":
-        _LOGGER.debug("The SQL query %s is of type %s", query, query_type)
-        raise SQLParseError
-    return str(query[0])
+    hass = async_get_hass()
+    try:
+        return check_and_render_sql_query(hass, value)
+    except (TemplateError, InvalidSqlQuery) as err:
+        _LOGGER.debug("Invalid query '%s' results in '%s'", value, err.args[0])
+        raise
 
 
 def validate_db_connection(db_url: str) -> bool:
@@ -138,7 +141,7 @@ def validate_query(db_url: str, query: str, column: str) -> bool:
         if sess:
             sess.close()
             engine.dispose()
-        raise ValueError(error) from error
+        raise InvalidSqlQuery from error
 
     for res in result.mappings():
         if column not in res:
@@ -224,13 +227,13 @@ async def async_step_options(
             except NoSuchColumnError:
                 errors["column"] = "column_invalid"
                 description_placeholders = {"column": column}
-            except MultipleResultsFound:
+            except (MultipleResultsFound, MultipleQueryError):
                 errors["query"] = "multiple_queries"
             except SQLAlchemyError:
                 errors["db_url"] = "db_url_invalid"
-            except SQLParseError:
+            except (NotSelectQueryError, UnknownQueryTypeError):
                 errors["query"] = "query_no_read_only"
-            except ValueError as err:
+            except (TemplateError, EmptyQueryError, InvalidSqlQuery) as err:
                 _LOGGER.debug("Invalid query: %s", err)
                 errors["query"] = "query_invalid"
 
@@ -282,13 +285,13 @@ async def async_step_init(
             except NoSuchColumnError:
                 errors["column"] = "column_invalid"
                 description_placeholders = {"column": column}
-            except MultipleResultsFound:
+            except (MultipleResultsFound, MultipleQueryError):
                 errors["query"] = "multiple_queries"
             except SQLAlchemyError:
                 errors["db_url"] = "db_url_invalid"
-            except SQLParseError:
+            except (NotSelectQueryError, UnknownQueryTypeError):
                 errors["query"] = "query_no_read_only"
-            except ValueError as err:
+            except (TemplateError, EmptyQueryError, InvalidSqlQuery) as err:
                 _LOGGER.debug("Invalid query: %s", err)
                 errors["query"] = "query_invalid"
             else:

@@ -22,7 +22,7 @@
     MATCH_ALL,
 )
 from homeassistant.core import HomeAssistant
-from homeassistant.exceptions import TemplateError
+from homeassistant.exceptions import PlatformNotReady, TemplateError
 from homeassistant.helpers.device_registry import DeviceEntryType, DeviceInfo
 from homeassistant.helpers.entity_platform import (
     AddConfigEntryEntitiesCallback,
@@ -40,7 +40,9 @@
 
 from .const import CONF_ADVANCED_OPTIONS, CONF_COLUMN_NAME, CONF_QUERY, DOMAIN
 from .util import (
+    InvalidSqlQuery,
     async_create_sessionmaker,
+    check_and_render_sql_query,
     convert_value,
     generate_lambda_stmt,
     redact_credentials,
@@ -81,7 +83,7 @@ async def async_setup_platform(
         return
 
     name: Template = conf[CONF_NAME]
-    query_str: str = conf[CONF_QUERY]
+    query_template: ValueTemplate = conf[CONF_QUERY]
     value_template: ValueTemplate | None = conf.get(CONF_VALUE_TEMPLATE)
     column_name: str = conf[CONF_COLUMN_NAME]
     unique_id: str | None = conf.get(CONF_UNIQUE_ID)
@@ -96,7 +98,7 @@ async def async_setup_platform(
     await async_setup_sensor(
         hass,
         trigger_entity_config,
-        query_str,
+        query_template,
         column_name,
         value_template,
         unique_id,
@@ -119,6 +121,13 @@ async def async_setup_entry(
     template: str | None = entry.options[CONF_ADVANCED_OPTIONS].get(CONF_VALUE_TEMPLATE)
     column_name: str = entry.options[CONF_COLUMN_NAME]
 
+    query_template: ValueTemplate | None = None
+    try:
+        query_template = ValueTemplate(query_str, hass)
+        query_template.ensure_valid()
+    except TemplateError as err:
+        raise PlatformNotReady("Invalid SQL query template") from err
+
     value_template: ValueTemplate | None = None
     if template is not None:
         try:
@@ -137,7 +146,7 @@ async def async_setup_entry(
     await async_setup_sensor(
         hass,
         trigger_entity_config,
-        query_str,
+        query_template,
         column_name,
         value_template,
         entry.entry_id,
@@ -150,7 +159,7 @@ async def async_setup_entry(
 async def async_setup_sensor(
     hass: HomeAssistant,
     trigger_entity_config: ConfigType,
-    query_str: str,
+    query_template: ValueTemplate,
     column_name: str,
     value_template: ValueTemplate | None,
     unique_id: str | None,
@@ -166,22 +175,25 @@ async def async_setup_sensor(
     ) = await async_create_sessionmaker(hass, db_url)
     if sessmaker is None:
         return
-    validate_query(hass, query_str, uses_recorder_db, unique_id)
+    validate_query(hass, query_template, uses_recorder_db, unique_id)
 
+    query_str = check_and_render_sql_query(hass, query_template)
     upper_query = query_str.upper()
     # MSSQL uses TOP and not LIMIT
+    mod_query_template = query_template
     if not ("LIMIT" in upper_query or "SELECT TOP" in upper_query):
         if "mssql" in db_url:
-            query_str = upper_query.replace("SELECT", "SELECT TOP 1")
+            _query = query_template.template.replace("SELECT", "SELECT TOP 1")
         else:
-            query_str = query_str.replace(";", "") + " LIMIT 1;"
+            _query = query_template.template.replace(";", "") + " LIMIT 1;"
+        mod_query_template = ValueTemplate(_query, hass)
 
     async_add_entities(
         [
             SQLSensor(
                 trigger_entity_config,
                 sessmaker,
-                query_str,
+                mod_query_template,
                 column_name,
                 value_template,
                 yaml,
@@ -200,7 +212,7 @@ def __init__(
         self,
         trigger_entity_config: ConfigType,
         sessmaker: scoped_session,
-        query: str,
+        query: ValueTemplate,
         column: str,
         value_template: ValueTemplate | None,
         yaml: bool,
@@ -214,7 +226,6 @@ def __init__(
         self.sessionmaker = sessmaker
         self._attr_extra_state_attributes = {}
         self._use_database_executor = use_database_executor
-        self._lambda_stmt = generate_lambda_stmt(query)
         if not yaml and (unique_id := trigger_entity_config.get(CONF_UNIQUE_ID)):
             self._attr_name = None
             self._attr_has_entity_name = True
@@ -255,19 +266,30 @@ def _update(self) -> None:
         self._attr_extra_state_attributes = {}
         sess: scoped_session = self.sessionmaker()
         try:
-            result: Result = sess.execute(self._lambda_stmt)
+            rendered_query = check_and_render_sql_query(self.hass, self._query)
+            _lambda_stmt = generate_lambda_stmt(rendered_query)
+            result: Result = sess.execute(_lambda_stmt)
+        except (TemplateError, InvalidSqlQuery) as err:
+            _LOGGER.error(
+                "Error rendering query %s: %s",
+                redact_credentials(self._query.template),
+                redact_credentials(str(err)),
+            )
+            sess.rollback()
+            sess.close()
+            return
         except SQLAlchemyError as err:
             _LOGGER.error(
                 "Error executing query %s: %s",
-                self._query,
+                rendered_query,
                 redact_credentials(str(err)),
             )
             sess.rollback()
             sess.close()
             return
 
         for res in result.mappings():
-            _LOGGER.debug("Query %s result in %s", self._query, res.items())
+            _LOGGER.debug("Query %s result in %s", rendered_query, res.items())
             data = res[self._column_name]
             for key, value in res.items():
                 self._attr_extra_state_attributes[key] = convert_value(value)
@@ -287,6 +309,6 @@ def _update(self) -> None:
             self._attr_native_value = data
 
         if data is None:
-            _LOGGER.warning("%s returned no results", self._query)
+            _LOGGER.warning("%s returned no results", rendered_query)
 
         sess.close()
@@ -19,11 +19,13 @@
 )
 from homeassistant.exceptions import ServiceValidationError
 from homeassistant.helpers import config_validation as cv
+from homeassistant.helpers.trigger_template_entity import ValueTemplate
 from homeassistant.util.json import JsonValueType
 
 from .const import CONF_QUERY, DOMAIN
 from .util import (
     async_create_sessionmaker,
+    check_and_render_sql_query,
     convert_value,
     generate_lambda_stmt,
     redact_credentials,
@@ -37,7 +39,9 @@
 SERVICE_QUERY = "query"
 SERVICE_QUERY_SCHEMA = vol.Schema(
     {
-        vol.Required(CONF_QUERY): vol.All(cv.string, validate_sql_select),
+        vol.Required(CONF_QUERY): vol.All(
+            cv.template, ValueTemplate.from_template, validate_sql_select
+        ),
         vol.Optional(CONF_DB_URL): cv.string,
     }
 )
@@ -72,8 +76,9 @@ async def _async_query_service(
     def _execute_and_convert_query() -> list[JsonValueType]:
         """Execute the query and return the results with converted types."""
         sess: Session = sessmaker()
+        rendered_query = check_and_render_sql_query(call.hass, query_str)
         try:
-            result: Result = sess.execute(generate_lambda_stmt(query_str))
+            result: Result = sess.execute(generate_lambda_stmt(rendered_query))
         except SQLAlchemyError as err:
             _LOGGER.debug(
                 "Error executing query %s: %s",

@@ -8,7 +8,7 @@
       "db_url_invalid": "Database URL invalid",
       "multiple_queries": "Multiple SQL queries are not supported",
       "query_invalid": "SQL query invalid",
-      "query_no_read_only": "SQL query must be read-only"
+      "query_no_read_only": "SQL query is not a read-only SELECT query or it's of an unknown type"
     },
     "step": {
       "options": {