diff --git a/rdbms/wrapper/MysqlConn.cpp b/rdbms/wrapper/MysqlConn.cpp
index 798b1cd0b575855ff4c651f85012b6a64ed0c804..188ecc28b56c9dd645ab49158eb6e2e018d034d9 100644
--- a/rdbms/wrapper/MysqlConn.cpp
+++ b/rdbms/wrapper/MysqlConn.cpp
@@ -208,16 +208,17 @@ void MysqlConn::rollback() {
std::map<std::string, std::string> MysqlConn::getColumns(const std::string &tableName) {
try {
std::map<std::string, std::string> columnNamesAndTypes;
- const std::string sql =
+ const char *const sql =
"SELECT "
"COLUMN_NAME, "
"DATA_TYPE "
"FROM "
"INFORMATION_SCHEMA.COLUMNS "
"WHERE "
- "TABLE_NAME = '" + tableName +"'";
+ "TABLE_NAME = :TABLE_NAME";
auto stmt = createStmt(sql);
+ stmt->bindString(":TABLE_NAME", tableName);
auto rset = stmt->executeQuery();
while (rset->next()) {
auto name = rset->columnOptionalString("COLUMN_NAME");
diff --git a/rdbms/wrapper/OcciConn.cpp b/rdbms/wrapper/OcciConn.cpp
index d896d6ba089ec31d2677fee0ad5a0d00baf13c50..f21a20a60da3784161759a12f28a5a0f98332a08 100644
--- a/rdbms/wrapper/OcciConn.cpp
+++ b/rdbms/wrapper/OcciConn.cpp
@@ -167,16 +167,17 @@ void OcciConn::rollback() {
std::map<std::string, std::string> OcciConn::getColumns(const std::string &tableName) {
try {
std::map<std::string, std::string> columnNamesAndTypes;
- const std::string sql =
+ const char *const sql =
"SELECT "
"COLUMN_NAME, "
"DATA_TYPE "
"FROM "
"USER_TAB_COLUMNS "
"WHERE "
- "TABLE_NAME = '" + tableName +"'";
+ "TABLE_NAME = :TABLE_NAME";
auto stmt = createStmt(sql);
+ stmt->bindString(":TABLE_NAME", tableName);
auto rset = stmt->executeQuery();
while (rset->next()) {
auto name = rset->columnOptionalString("COLUMN_NAME");
diff --git a/rdbms/wrapper/PostgresConn.cpp b/rdbms/wrapper/PostgresConn.cpp
index 7f4975117945ab3b76a964a088e11a8b83b5eff8..e27ee6792f14e7e0b40beb5de3b21b9c5fced5c7 100644
--- a/rdbms/wrapper/PostgresConn.cpp
+++ b/rdbms/wrapper/PostgresConn.cpp
@@ -205,16 +205,17 @@ std::map<std::string, std::string> PostgresConn::getColumns(const std::string &t
std::map<std::string, std::string> columnNamesAndTypes;
auto lowercaseTableName = tableName;
utils::toLower(lowercaseTableName); // postgres work with lowercase
- const std::string sql =
+ const char *const sql =
"SELECT "
"COLUMN_NAME, "
"DATA_TYPE "
"FROM "
"INFORMATION_SCHEMA.COLUMNS "
"WHERE "
- "TABLE_NAME = '" + lowercaseTableName +"'";
+ "TABLE_NAME = :TABLE_NAME";
auto stmt = createStmt(sql);
+ stmt->bindString(":TABLE_NAME", lowercaseTableName);
auto rset = stmt->executeQuery();
while (rset->next()) {
auto name = rset->columnOptionalString("COLUMN_NAME");
diff --git a/rdbms/wrapper/SqliteConn.cpp b/rdbms/wrapper/SqliteConn.cpp
index 32e8cf3ae48e968b302c73558fb7479206c8e8ab..4a0a2eb63ca9c79a6299fe7bb566aa77a99c4fad 100644
--- a/rdbms/wrapper/SqliteConn.cpp
+++ b/rdbms/wrapper/SqliteConn.cpp
@@ -234,13 +234,13 @@ void SqliteConn::printSchema(std::ostream &os) {
std::map<std::string, std::string> SqliteConn::getColumns(const std::string &tableName) {
try {
std::map<std::string, std::string> columnNamesAndTypes;
- const std::string sql =
+ const char *const sql =
"SELECT "
"SQL AS SQL "
"FROM "
"SQLITE_MASTER "
"WHERE "
- "TBL_NAME = '" + tableName +"' "
+ "TBL_NAME = :TABLE_NAME "
"AND "
"TYPE = 'table';";
const std::string columnTypes =
@@ -251,6 +251,7 @@ std::map<std::string, std::string> SqliteConn::getColumns(const std::string &tab
"VARCHAR2";
auto stmt = createStmt(sql);
+ stmt->bindString(":TABLE_NAME", tableName);
auto rset = stmt->executeQuery();
if (rset->next()) {
auto tableSql = rset->columnOptionalString("SQL").value();