Description
There is a requirement for SQL templates, where the table and or column names are provided through substitution. This can be done today using variable substitution:
SET hivevar:tabname = mytab;
SELECT * FROM ${ hivevar:tabname };
A straight variable substitution is dangerous since it does allow for SQL injection:
SET hivevar:tabname = mytab, someothertab;
SELECT * FROM ${ hivevar:tabname };
A way to get around this problem is to wrap the variable substitution with a clause that limits the scope t produce an identifier.
This approach is taken by Snowflake:
https://docs.snowflake.com/en/sql-reference/session-variables#using-variables-in-sql
SET hivevar:tabname = 'tabname';
SELECT * FROM IDENTIFIER(${ hivevar:tabname })