SQL Injection Warning in SilkUI sample, please advise how I can solve this...

Hi, I'm using one of the SilkUI templates and I have encountered the following warning that I am unable to solve. Can somebody please point me in the right direction?


SQL Injection
Ensure the expand inline argument is protected by using EncodeSql(), or VerifySqlLiteral() from the Sanitization extension, to avoid security flaws.


When I double clicked to see what the warning is referring to, it refers me to something named:

and the statement is:

DELETE FROM {ProjectColaborator}
WHERE {ProjectColaborator}.[ColaboratorId] IN (@ColaboratorsList)
AND {ProjectColaborator}.[ProjectId] = VerifySqlLiteral(@ProjectId)

Hi Connie,

You can use EncodeSql(INPUT) in the Advanced SQL parameters that you posted in your screenshot. So for ColaboratorsList you should give the input EncodeSql(ColaboratorsToDelete).
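As an added illustration (not OutSystems' own EncodeSql or VerifySqlLiteral, and not code from this thread), the following Python models the two things the warning asks for on an expand-inline parameter: a string-literal encoder, and a check that expands the IN list only from validated integer ids before the text is spliced into the query. The function names, the placeholder substitution and the sample ids are assumptions made for the example.

```python
import re

# Constructed sample: the Advanced SQL from the question, with the
# expand-inline parameter left as a placeholder that we substitute ourselves.
DELETE_SQL = (
    "DELETE FROM {ProjectColaborator} "
    "WHERE {ProjectColaborator}.[ColaboratorId] IN (@ColaboratorsList) "
    "AND {ProjectColaborator}.[ProjectId] = @ProjectId"
)


def encode_sql(value: str) -> str:
    """Illustrative stand-in for EncodeSql: quote the value and double any
    embedded single quote, so it can only ever be read as one string literal."""
    return "'" + value.replace("'", "''") + "'"


def verify_int_list(values) -> str:
    """Build the comma-separated text for IN (...). Every entry must be an
    integer id; anything else is rejected before it reaches the query text."""
    safe = []
    for v in values:
        text = str(v).strip()
        if not re.fullmatch(r"-?\d+", text):
            raise ValueError(f"rejected non-numeric ColaboratorId: {text!r}")
        safe.append(str(int(text)))
    if not safe:
        raise ValueError("ColaboratorsList is empty; refuse to expand IN ()")
    return ", ".join(safe)


def is_valid_id_list(values) -> bool:
    """Convenience wrapper: True if verify_int_list would accept the list."""
    try:
        verify_int_list(values)
        return True
    except ValueError:
        return False


def build_delete(colaborator_ids, project_id: int) -> str:
    """Expand the inline parameter only with validated integers. ProjectId is
    a normal (non-expand-inline) parameter; it is shown as a plain int here."""
    id_list = verify_int_list(colaborator_ids)
    sql = DELETE_SQL.replace("@ColaboratorsList", id_list)
    return sql.replace("@ProjectId", str(int(project_id)))
```

Note that encoding the whole comma-separated list with encode_sql yields one literal such as '1,2,3', which is safe but no longer compares against integer ids one by one; that is why the list is validated entry by entry instead.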