
Problems with the input parameter in the SQL-query service

SOLVED
Hi!

I have a service of SQL-query type, which selects all the data from a table of my Access database. If I specify the name of the table after FROM, the result is correct. But if I use the input parameter (SCP on the screenshot), in which I enter the same table name when executing the service, the result of the operation is Null. What could be the reason?

[Image: Input parameter.png]

1 ACCEPTED SOLUTION


Re: Problems with the input parameter in the SQL-query service

Input parameters in SQL with [[ ]] are treated as parameters ONLY; you are using it to designate a table.

You can do this by using << >>, which is string substitution.

BUT WARNING - This exposes your database to SQL string injection!

I.e., I can specify SCP as 'DROP SCHEMA' and it will drop your schema.

Be sure to always validate and secure any services that use string substitution.

View solution in original post
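
One way to do the validation the accepted answer calls for, as an added example that is not part of the original thread or of ThingWorx itself: an allowlist check that runs before a table name is handed to a `<< >>` substitution. The function names and the allowlist contents are hypothetical; the assumption is that a wrapper service calls this first and passes only the returned identifier on to the SQL-query service.

```javascript
// Added example: allowlist check for a table name that will be placed into
// a query through << >> string substitution. All names are hypothetical.

// Constructed allowlist: the only tables this service is meant to read.
var ALLOWED_TABLES = ["SCP", "Orders", "Sensor Log"];

// Returns the allowlisted spelling of the table name wrapped in Access-style
// [brackets], or throws if the input is not exactly one allowlisted name.
function resolveTableName(input, allowedTables) {
    if (typeof input !== "string") {
        throw new Error("table name must be a string");
    }
    // Compare case-insensitively, ignoring surrounding whitespace.
    var wanted = input.trim().toLowerCase();
    for (var i = 0; i < allowedTables.length; i++) {
        var candidate = allowedTables[i];
        if (candidate.toLowerCase() === wanted) {
            // Guard against a misconfigured allowlist entry that would
            // break out of the bracket quoting.
            if (/[\[\]]/.test(candidate)) {
                throw new Error("allowlist entry contains a bracket");
            }
            // Emit the allowlist's own spelling, never the caller's text.
            return "[" + candidate + "]";
        }
    }
    throw new Error("table not permitted: " + JSON.stringify(input));
}

// Builds the query text the way string substitution would, but only from a
// validated identifier.
function buildSelectAll(input) {
    return "SELECT * FROM " + resolveTableName(input, ALLOWED_TABLES);
}

// Convenience for callers that want a boolean instead of an exception.
function isRejected(input) {
    try {
        buildSelectAll(input);
        return false;
    } catch (e) {
        return true;
    }
}
```

Because the output is built from the allowlist entry rather than from the caller's string, anything that is not an exact table name never reaches the query text.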
