EncodeSql should only be used

IQ78

Solved

Question

Hi there,

I use this fragment in sort property of Refresh Data:

SyntaxEditor Code Snippet

EncodeSql(List_SortColumn_GetOrderBy(XXXXTable.Id, DefaultOrder: "LOSDATE"))

and the warning comes up:

EncodeSQL should only be used to escape string literals. Check the ....

Then, I tried to fix it, by concatenate with zero string, and the warning is gone:

SyntaxEditor Code Snippet

EncodeSql("" + List_SortColumn_GetOrderBy(XXXX.Id, DefaultOrder: "LOSDATE"))

My question, is this fixing is on the right track?

Regards

10 Sep 2019

Daniël Kuhlmann

MVP

Solution

Then you need it like this

EncodeSql(List_SortColumn_GetOrderBy(XXXXTable.Id, DefaultOrder: EncodeSql("LOSDATE")))

10 Sep 2019

Daniël Kuhlmann

MVP

IHi,

I don't think you need EncodeSQL in List SortColumn.

Regards,

Daniel

10 Sep 2019

IQ78

Hi Sir,

If i remove it, there is another warning:

Ensure the expand line argument is protected by using EncodeSql() or verifysqlLiteral()...

regards

10 Sep 2019

Daniël Kuhlmann

MVP

Solution

Then you need it like this

EncodeSql(List_SortColumn_GetOrderBy(XXXXTable.Id, DefaultOrder: EncodeSql("LOSDATE")))

10 Sep 2019

IQ78

Thank you very much Sir,

You are so helpful genius!

regards

10 Sep 2019

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.