pub fn substitute_params(
expr: &Expr,
params: &HashMap<String, Value>,
) -> Option<Expr>Expand description
Recursively replace Expr::Parameter(name) with a literal Expr resolved
from params. Returns None if any parameter is missing or its Value
cannot be represented as a Cypher literal (so the predicate cannot be
safely pushed to storage and the caller should fall back).
LanceFilterGenerator::value_to_lance deliberately rejects
Expr::Parameter to prevent SQL injection (CWE-89). Substituting at plan
time with the resolved value sidesteps that — values come from already-
authenticated query params and are emitted via the same string-escaping
path as inline literals.