Hello, I would like to know if the aggregate already have protection against code injection? or do I have to impose security concerns like an advanced query?

Thank you

Norman In

Hi Norman,

Aggregates are protected against SQL injection. Only parameters set to expand inline to "Yes" within Advanced Queries will need to be escaped.

Hi. 

Aggregates doesn't allow you to build dynamic SQL statement so far. Only is possible to execute dynamic SQL in advanced queries using expanded inline as true.

Probably the João answer can help you and explain better why:

https://www.outsystems.com/forums/discussion/36735/does-this-allow-sql-injection/#Post132323


thank you all