diff --git a/DocService/sources/databaseConnectors/baseConnector.js b/DocService/sources/databaseConnectors/baseConnector.js
index cfdd5bf3..1668a230 100644
--- a/DocService/sources/databaseConnectors/baseConnector.js
+++ b/DocService/sources/databaseConnectors/baseConnector.js
@@ -370,14 +370,16 @@ function getEmptyCallbacks(ctx) {
 function getTableColumns(ctx, tableName) {
 return new Promise(function(resolve, reject) {
- const sqlCommand = `SELECT column_name as "column_name" FROM information_schema.COLUMNS WHERE TABLE_NAME = '${tableName}';`;
+ let values = [];
+ let sqlParam = addSqlParameter(tableName, values);
+ const sqlCommand = `SELECT column_name as "column_name" FROM information_schema.COLUMNS WHERE TABLE_NAME = ${sqlParam};`;
 dbInstance.sqlQuery(ctx, sqlCommand, function(error, result) {
 if (error) {
 reject(error);
 } else {
 resolve(result);
 }
- });
+ }, undefined, undefined, values);
 });
 }
diff --git a/DocService/sources/databaseConnectors/damengConnector.js b/DocService/sources/databaseConnectors/damengConnector.js
index 05025b66..84fa4733 100644
--- a/DocService/sources/databaseConnectors/damengConnector.js
+++ b/DocService/sources/databaseConnectors/damengConnector.js
@@ -156,7 +156,9 @@ function concatParams(val1, val2) {
 }
 async function getTableColumns(ctx, tableName) {
- const result = await executeQuery(ctx, `SELECT column_name FROM DBA_TAB_COLUMNS WHERE table_name = '${tableName.toUpperCase()}';`);
+ let values = [];
+ let sqlParam = addSqlParameter(tableName.toUpperCase(), values);
+ const result = await executeQuery(ctx, `SELECT column_name FROM DBA_TAB_COLUMNS WHERE table_name = ${sqlParam};`, values);
 return result.map(row => { return { column_name: row.column_name.toLowerCase() }});
 }
diff --git a/DocService/sources/databaseConnectors/mssqlConnector.js b/DocService/sources/databaseConnectors/mssqlConnector.js
index 681a2ce1..8f745743 100644
--- a/DocService/sources/databaseConnectors/mssqlConnector.js
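Review bot: The closing `}, undefined, undefined, values);` in baseConnector.js's getTableColumns hands the bound values to dbInstance.sqlQuery as a sixth positional argument, after two unexplained `undefined` placeholders. The sqlQuery signature is not visible in this hunk, so if that position is wrong or later shifts, the table name is never bound to `${sqlParam}`. I would add a comment on that line, e.g. `// two optional arguments left at their defaults; values supplies the bound parameter for sqlParam`. Separately, `values` and `sqlParam` are never reassigned here or in the damengConnector.js, mssqlConnector.js and oracleConnector.js hunks, so `const values = [];` and `const sqlParam = addSqlParameter(...)` would be the tighter declarations.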
+++ b/DocService/sources/databaseConnectors/mssqlConnector.js
@@ -199,8 +199,10 @@ function concatParams(...parameters) {
 }
 function getTableColumns(ctx, tableName) {
- const sqlCommand = `SELECT column_name FROM information_schema.COLUMNS WHERE TABLE_NAME = '${tableName}' AND TABLE_SCHEMA = 'dbo';`;
- return executeQuery(ctx, sqlCommand);
+ let values = [];
+ let sqlParam = addSqlParameter(tableName, values);
+ const sqlCommand = `SELECT column_name FROM information_schema.COLUMNS WHERE TABLE_NAME = ${sqlParam} AND TABLE_SCHEMA = 'dbo';`;
+ return executeQuery(ctx, sqlCommand, values);
 }
 function getDocumentsWithChanges(ctx) {
diff --git a/DocService/sources/databaseConnectors/oracleConnector.js b/DocService/sources/databaseConnectors/oracleConnector.js
index 584035dc..153f1fc3 100644
--- a/DocService/sources/databaseConnectors/oracleConnector.js
+++ b/DocService/sources/databaseConnectors/oracleConnector.js
@@ -171,7 +171,9 @@ function concatParams(firstParameter, secondParameter) {
 }
 function getTableColumns(ctx, tableName) {
- return executeQuery(ctx, `SELECT LOWER(column_name) AS column_name FROM user_tab_columns WHERE table_name = '${tableName.toUpperCase()}'`);
+ let values = [];
+ let sqlParam = addSqlParameter(tableName.toUpperCase(), values);
+ return executeQuery(ctx, `SELECT LOWER(column_name) AS column_name FROM user_tab_columns WHERE table_name = ${sqlParam}`, values);
 }
 function getEmptyCallbacks(ctx) {
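Review bot: In oracleConnector.js's getTableColumns, `tableName.toUpperCase()` runs before executeQuery is called and the function is not `async`, so a non-string tableName throws synchronously rather than surfacing through the value executeQuery returns (presumably a promise). The Dameng variant of the same function is `async`, so the same bad input becomes a rejection there. Declaring this one as `async function getTableColumns(ctx, tableName) {` would make both connectors fail the same way for a caller that only attaches a rejection handler. Whether any caller can pass a non-string is not visible in this hunk.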