I have a script in FME Server that gets called by a URL with parameters for the WHERE clause. The querystring on the URL looks like this:
some_example.fmw?Year=2010&Neighbourhood=Kensington-Cedar%20Cottage
The WHERE clause in the database reader then looks like this:
neighbourhood = '$(Neighbourhood)' AND year(event_date) = $(Year)
Are these placeholders "parameterized" in the sense that an SQL injection would fail? If not, is there a way to do this?
Thanks
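An added illustration, not part of the original post and not FME's own code: it assumes `$(Name)` placeholders are expanded by plain text substitution before the SQL reaches the database, and compares that with driver-bound parameters and an allow-list check on the values. The `events` table, the function names and the sample values are constructed for the example.

```python
import re
import sqlite3

# WHERE clause from the post, with its $(Name) placeholders.
WHERE_TEMPLATE = "neighbourhood = '$(Neighbourhood)' AND year(event_date) = $(Year)"

def make_db():
    """Constructed in-memory table standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no year(); register one so the post's clause runs unchanged.
    conn.create_function("year", 1, lambda d: int(d[:4]))
    conn.execute("CREATE TABLE events (neighbourhood TEXT, event_date TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?)", [
        ("Kensington-Cedar Cottage", "2010-03-14"),
        ("Kensington-Cedar Cottage", "2011-07-02"),
        ("Strathcona", "2010-09-30"),
    ])
    return conn

def substitute(template, params):
    """Assumed behaviour: paste each value into the SQL text verbatim."""
    return re.sub(r"\$\((\w+)\)", lambda m: params[m.group(1)], template)

def query_substituted(conn, params):
    sql = "SELECT count(*) FROM events WHERE " + substitute(WHERE_TEMPLATE, params)
    return conn.execute(sql).fetchone()[0]

def query_bound(conn, params):
    """Same filter with bound parameters: values never become SQL text."""
    sql = ("SELECT count(*) FROM events "
           "WHERE neighbourhood = :Neighbourhood AND year(event_date) = :Year")
    bound = {"Neighbourhood": params["Neighbourhood"], "Year": int(params["Year"])}
    return conn.execute(sql, bound).fetchone()[0]

def validate(params):
    """Fallback when only substitution is available: strict allow-list checks."""
    year_ok = re.fullmatch(r"\d{4}", params["Year"]) is not None
    name_ok = re.fullmatch(r"[A-Za-z][A-Za-z .-]{0,63}", params["Neighbourhood"]) is not None
    return year_ok and name_ok

BENIGN = {"Neighbourhood": "Kensington-Cedar Cottage", "Year": "2010"}
# Constructed value that closes the quote and widens the predicate.
CRAFTED = {"Neighbourhood": "x' OR '1'='1", "Year": "2010"}
```

With text substitution the crafted value matches rows from other neighbourhoods; with bound parameters it is compared as a literal string and matches nothing, and the allow-list rejects it before any SQL is built.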