#198856 by hswong3i: Fix some incorrect use of %s for table name escaping, implement better security checks