cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X

Problems with the input parameter in the SQL-query service

Go to solution
Mr_Henry_M
14-Alexandrite
14-Alexandrite
‎Jul 19, 2019 06:24 AM
‎Jul 19, 2019 06:24 AM

Problems with the input parameter in the SQL-query service

Hi!

 

I have a service of SQL-query type, which selects all the data from the table of my Access database. If after From I specify the name of the table, the result is correct. But if I use the input parameter (SCP on the screenshot), in which I enter the same table name when executing the service, the result of operation is Null. What could be the reason?

 

Input parameter.png

 

0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
PaiChung
22-Sapphire I
22-Sapphire I
(To:Mr_Henry_M)
‎Jul 19, 2019 09:01 AM
‎Jul 19, 2019 09:01 AM

Input parameter into SQL with [[ ]] are treated as parameters ONLY, you are using it to designate a Table.

You can do this by using << >> which is string substitution.

BUT WARNING - This exposes your data base to SQL string injection!

IE I can specify SCP as 'DROP SCHEMA' and it will drop your schema.

Be sure to always Validate and Secure any Services that use String substitution.

View solution in original post

Notify Moderator
1 REPLY 1
PaiChung
22-Sapphire I
22-Sapphire I
(To:Mr_Henry_M)
‎Jul 19, 2019 09:01 AM
‎Jul 19, 2019 09:01 AM

Input parameter into SQL with [[ ]] are treated as parameters ONLY, you are using it to designate a Table.

You can do this by using << >> which is string substitution.

BUT WARNING - This exposes your data base to SQL string injection!

IE I can specify SCP as 'DROP SCHEMA' and it will drop your schema.

Be sure to always Validate and Secure any Services that use String substitution.

Notify Moderator
Announcements


Contact Community Management
Top Tags