Configuring DynamicSQL Services
Creating a DynamicSQL service allows you to configure a dynamic SQL statement, part of which you set at run time using input fields. At run time, the service will create the SQL statement by combining the contents of the input fields and then executing it. This is useful when you need the flexibility to set all or part of a SQL statement at run time, instead of at design time.
Important:
Adapter for JDBC does not validate the input parameters of a DynamicSQL service for any malicious SQL injections. When you use a variable input parameter such as the text ${INPUT_FIELD_NAME} in a DynamicSQL service, you must take extra measures to avoid potential security risks by, for example, using a wrapper service for your DynamicSQL service that will validate the variable input parameters.