Simple RunPrepQuery Issue

Hi,
I am having an issue with a very simple query I am trying to run. I am trying to get all the data from the table by its name.
The code is below.

query = "SELECT * FROM ?"
s = "DrillPlates"
t = system.db.runPrepQuery(query, [s], "FASTDev")

So using this logic should be the same as running a script like

query = "SELECT * FROM DrillPlates"
test = system.db.runQuery(query,"FASTDev")

The bottom logic works fine, as I expect; the top logic causes an error:
java.lang.Exception: java.lang.Exception: Error executing system.db.runPrepQuery(SELECT * FROM ?, , [DrillPlates], )

I am not sure why there is an error when these are the same query scripts; just one is having the string argument prepped and the other is not. Any help is appreciated, thank you.
All the testing for these scripts was in the script console on my client project.

JDBC will not allow you to provide SCHEMA information via parameters (e.g., column names, table names, commands, etc.).

You can do this via NamedQueries and utilizing a QueryString parameter, but be sure to not allow user-entered data directly into that parameter.

OK, thank you for the information. I assume this is a preventive measure so tables are not destructed when running queries?


Yes, it is part of the hardening against SQL Injection.

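The point made in the replies above, as an added example that is not part of the original thread and not Ignition's own code: a table name cannot be bound as a `?` parameter, so it has to be checked against a fixed allow-list before it goes into the query text, while values are still bound. Python's built-in `sqlite3` stands in for JDBC/`system.db` so the block runs outside Ignition; the allow-list contents, the function names and the sample rows are assumptions.

```python
import sqlite3

# Assumption: the tables this script may read are known in advance.
ALLOWED_TABLES = frozenset(["DrillPlates", "DrillBits"])


def select_all_query(table):
    """Return 'SELECT * FROM <table>' only for an allow-listed table name."""
    if table not in ALLOWED_TABLES:
        raise ValueError("table not permitted: %r" % (table,))
    # The name is now known to be one of our own constants, so it is safe
    # to place in the query text. In Ignition the resulting string would be
    # passed to system.db.runPrepQuery(query, [values], "FASTDev").
    return "SELECT * FROM %s" % table


def demo():
    # Constructed sample data in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE DrillPlates (id INTEGER, size REAL)")
    db.executemany("INSERT INTO DrillPlates VALUES (?, ?)", [(1, 6.5), (2, 8.0)])
    results = {}

    # 1. A placeholder in the table position is rejected by the driver,
    #    which is the error reported in the question.
    try:
        db.execute("SELECT * FROM ?", ["DrillPlates"])
        results["placeholder_as_table"] = "accepted"
    except sqlite3.OperationalError:
        results["placeholder_as_table"] = "rejected"

    # 2. Allow-listed identifier in the text; the value is still bound with ?.
    query = select_all_query("DrillPlates") + " WHERE size > ?"
    results["rows"] = db.execute(query, [7.0]).fetchall()

    # 3. A name outside the allow-list (constructed untrusted input) is
    #    refused before any SQL is built or sent.
    try:
        select_all_query("DrillPlates; DROP TABLE DrillPlates")
        results["untrusted_name"] = "accepted"
    except ValueError:
        results["untrusted_name"] = "rejected"
    db.close()
    return results


if __name__ == "__main__":
    print(demo())
```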