Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X
Hi!
I have a service of SQL-query type, which selects all the data from the table of my Access database. If after From I specify the name of the table, the result is correct. But if I use the input parameter (SCP on the screenshot), in which I enter the same table name when executing the service, the result of operation is Null. What could be the reason?
Solved! Go to Solution.
Input parameter into SQL with [[ ]] are treated as parameters ONLY, you are using it to designate a Table.
You can do this by using << >> which is string substitution.
BUT WARNING - This exposes your data base to SQL string injection!
IE I can specify SCP as 'DROP SCHEMA' and it will drop your schema.
Be sure to always Validate and Secure any Services that use String substitution.
Input parameter into SQL with [[ ]] are treated as parameters ONLY, you are using it to designate a Table.
You can do this by using << >> which is string substitution.
BUT WARNING - This exposes your data base to SQL string injection!
IE I can specify SCP as 'DROP SCHEMA' and it will drop your schema.
Be sure to always Validate and Secure any Services that use String substitution.