Building dynamic SQL? I would suggest avoiding that and sticking to parameterized queries.
I would strongly urge you to use this path: https://docs.mulesoft.com/connectors/db/database-connector-examples#use-input-parameters-to-protect-database-queries
It would be really easy to make this parameterized because all you'd have to do is passing in payload.Table.Where
as your parameterized object.
If you're pulling this from some kind of trusted source and have to do things this way I suppose you could ignore the columns array and do it this way pretty easily:
%dw 2.0
output application/json
---
if (payload.Table.Where?)
"where " ++ ((payload.Table.Where pluck "$($$) = '$($)'") reduce ($$ ++ " and " ++ $))
else
""
I'm sure there is a better way to do this, but if you wanted to still use the columns array you could also do this.
%dw 2.0
output application/json
---
"where " ++ (
payload.Table.Columns reduce ((col, wClause="") ->
if (not payload.Table.Where[col]?) wClause
else wClause ++ (if (wClause != "") " and " else "") ++ ("$(col) = '$(payload.Table.Where[col])'")
)
)