Good Day Community,


I would just like to be enlightened, or shown an example, on how to deal with the Expand Inline warning.

The problem is that I have the following tables: Cargo01, Cargo02, Cargo03 and so on, and I need to call all the tables in a loop while removing the SQL Injection warning.

I placed an Input Parameter in my SQL, @CargoTableNumber, with the following properties: Data Type is Text and Expand Inline is Yes.

The value for CargoTableNumber is equal to "{CargoTableNumber" + FormatText(IntegerToText(Count),2,2,True,"0") + " }"

Any ideas and concepts are welcome :)

Hi Penny,

Did you try to enclose FormatText(..) in EncodeSql()?

Hi, 

Just ignore the warning. It is placed to remind the developer that the inline parameter, if it comes from the end user of the application, must be sanitized to avoid SQL injection.

If you are building the SQL without user participation, it is not a problem. 

@Aliaksandr

If he uses EncodeSQL, the query will fail, as it is meant to be used on SQL literals, not SQL code.

https://www.outsystems.com/forums/discussion/36202/use-case-of-encodesql/

Cheers
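
Added example, not written by any poster in this thread and not OutSystems code: a Python/sqlite3 illustration of the point made in the replies above, that escaping meant for SQL literals does not protect a table name that is expanded inline, while building the name from an integer counter and checking it against an allow-list does. The sample tables and rows, `escape_literal` (a quote-doubling stand-in for a literal encoder) and every function name are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data: three tables named like the ones in the question.
KNOWN_TABLES = {"Cargo01", "Cargo02", "Cargo03"}

def cargo_table_name(count):
    """Build the table name from an integer counter only, then allow-list it."""
    if isinstance(count, bool) or not isinstance(count, int):
        raise ValueError("counter must be an integer")
    name = "Cargo%02d" % count
    if name not in KNOWN_TABLES:
        raise ValueError("unknown table: " + name)
    return name

def escape_literal(text):
    """Hypothetical stand-in for a literal encoder: doubles single quotes only."""
    return text.replace("'", "''")

def is_safe_identifier(text):
    """Identifier check: fixed shape and present on the allow-list."""
    return re.fullmatch(r"Cargo\d{2}", text) is not None and text in KNOWN_TABLES

def count_rows_per_table(conn, first, last):
    """Query each Cargo table in a loop; values are still bound parameters."""
    totals = {}
    for n in range(first, last + 1):
        table = cargo_table_name(n)  # only validated text is expanded inline
        sql = 'SELECT COUNT(*) FROM "%s" WHERE weight > ?' % table
        totals[table] = conn.execute(sql, (10,)).fetchone()[0]
    return totals

def build_sample_db():
    """Create the constructed in-memory tables used by this example."""
    conn = sqlite3.connect(":memory:")
    for i, table in enumerate(sorted(KNOWN_TABLES), start=1):
        conn.execute('CREATE TABLE "%s" (id INTEGER, weight INTEGER)' % table)
        conn.executemany('INSERT INTO "%s" VALUES (?, ?)' % table,
                         [(k, 5 * k * i) for k in range(1, 5)])
    return conn

if __name__ == "__main__":
    print(count_rows_per_table(build_sample_db(), 1, 3))
    untrusted = "Cargo01 WHERE 1=1 --"  # constructed input; contains no quotes
    # Literal escaping leaves it unchanged; the identifier check rejects it.
    print(escape_literal(untrusted) == untrusted, is_safe_identifier(untrusted))
```
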