How do I use an input inside a module to replace my table name? (SQL)

I got an error when I use this syntax. Do you have a solution?

Hey @Williamh! This might be a prepared statements issue. Using dynamic values for table names or column names usually requires you to toggle a setting for the resource.

By default, all of our SQL queries are converted to prepared statements to prevent SQL injection, meaning that table/database names and SQL functions aren't able to be defined using a string created dynamically. The main reason we currently convert all statements into prepared statements is so that users can't enter malicious syntax (like DROP TABLE) into the variable fields.

You can disable this setting in the resource setup, but keep in mind the potential of submitting dangerous SQL through any of the variables referenced in a query. Disabling prepared statements can also break other existing queries. If that's something you'd like to explore, I often recommend setting up another copy of a resource with that setting enabled to help limit the surface area that you have to keep in mind SQL injection for.
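An added example, not part of the original replies and not Retool's own code: a table name cannot be bound as a prepared-statement parameter, so this sketch resolves it against a fixed allowlist while the search text stays a bound value. It is plain JavaScript with PostgreSQL-style `$1` placeholders; `ALLOWED_TABLES`, `quoteIdent`, `buildSearchQuery` and `tryBuild` are hypothetical names, and the `artists`/`name` entry is a constructed sample.

```javascript
// Added example; ALLOWED_TABLES, quoteIdent, buildSearchQuery and tryBuild are hypothetical names.
// A Map (not a plain object) so inputs like "constructor" cannot match inherited keys.
const ALLOWED_TABLES = new Map([
  ["actors", "first_name"], // table and column from the query in this thread
  ["artists", "name"],      // constructed sample entry
]);

// PostgreSQL identifier quoting: wrap in double quotes, double any embedded quote.
function quoteIdent(name) {
  return '"' + name.replace(/"/g, '""') + '"';
}

// Returns { text, values }: identifiers come only from the allowlist,
// the user's search text is only ever a bound value ($1).
function buildSearchQuery(tableInput, searchText) {
  const table = String(tableInput ?? "").trim();
  const column = ALLOWED_TABLES.get(table);
  if (column === undefined) {
    throw new Error("table not allowed: " + JSON.stringify(table));
  }
  const text =
    "SELECT * FROM " + quoteIdent(table) +
    " WHERE ($1 = '' OR " + quoteIdent(column) + " ILIKE '%' || $1 || '%')";
  return { text, values: [String(searchText ?? "")] };
}

// Non-throwing wrapper so rejected input can be reported to the caller.
function tryBuild(tableInput, searchText) {
  try {
    return { ok: true, query: buildSearchQuery(tableInput, searchText) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed inputs: a normal lookup, a value containing a quote, and two bad table names.
const samples = [
  ["actors", "tom"],
  ["actors", "O'Brien"],
  ["actors; DROP TABLE actors", "tom"],
  ["constructor", "tom"],
];
for (const [table, term] of samples) {
  console.log(JSON.stringify(tryBuild(table, term)));
}
```
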

Thank you for your quick response. I tried the option to disable converting queries to prepared statements, but now I end up with a new problem. Could you help me please?

Ah! Could you try surrounding everything after ‘where’ with parentheses?

Something like where (… OR column ilike…)

I've already tried this and it doesn't work.

I think you might have an issue where the % is not being included at the time the query is running. You might have to concat the % to the SearchArtistTextInput.value so that {{SearchArtistTextInput.value}} actually equals %SearchArtistTextInput.value% before you run the query....

Just riffing on this as I don't see additional code for that input field....

Hmm this should definitely work!

select * from actors WHERE ({{!textinput1.value}} OR first_name ilike {{'%' + textinput1.value + '%'}})

is working for me. Out of curiosity, if you hardcode the table name in and uncheck the prepared statements box, do you get a different error?