Oracle error when using encodeSQL

Hi there,

I'm experiencing some problems when using the encodeSQL function.

I have an advanced query with two input parameters (expand inline set to yes). To prevent SQL injection, I've decided to encode these input parameters using the built-in function encodeSQL.

That specific query can be fed by a query string or by the application itself.

When using the application, it works fine, but when using the query string I'm getting the following error:
"ORA-00907: missing right parenthesis"

Why is this happening?

I've only added the built-in function in the input parameter. Expand inline is still set to yes and no more changes were made.

Cheers,
Pedro Domingues

Hi Pedro,

Could you let us know what is the input string, and what is the resulting string after the encodeSQL operation?

Also, what's the query you're using that string in?

It would seem that you're encoding more things than you would want to be encoding, and so you're losing some parentheses in there.

Regards,

Paulo Tavares

Hi Paulo,

Problem solved! =)

The problem is that I was encoding the entire SQL used in the input parameter instead of encoding only the string value!

Thanks a lot.

Cheers,

Pedro Domingues
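
The fix described in this thread, as an added example that is not part of the original posts: encoding the whole SQL fragment versus encoding only the string value. It assumes encodeSQL doubles single quotes (modelled by the hypothetical `encode_sql`), and it uses an in-memory SQLite table with constructed rows in place of Oracle, so the error text differs from ORA-00907.

```python
import sqlite3


def encode_sql(text: str) -> str:
    """Hypothetical stand-in for encodeSQL (assumption: it doubles single quotes)."""
    return text.replace("'", "''")


def build_wrong(name: str) -> str:
    # Mistake from the thread: the whole fragment goes through the encoder,
    # so the quotes that delimit the literal are doubled as well.
    return encode_sql("(NAME = '" + name + "')")


def build_right(name: str) -> str:
    # Fix from the thread: encode only the string value, then wrap it in SQL.
    return "(NAME = '" + encode_sql(name) + "')"


def run(fragment: str):
    """Expand the fragment inline into a query over constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (NAME TEXT)")
    db.executemany("INSERT INTO USERS VALUES (?)", [("alice",), ("o'brien",)])
    try:
        query = "SELECT NAME FROM USERS WHERE " + fragment
        return [row[0] for row in db.execute(query)]
    except sqlite3.OperationalError as exc:
        return "syntax error: " + str(exc)
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: a plain value, a value containing a quote, and a
    # value that tries to close the literal early.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(value))
        print("  whole fragment encoded:", build_wrong(value))
        print("    ->", run(build_wrong(value)))
        print("  value only encoded:    ", build_right(value))
        print("    ->", run(build_right(value)))
```

With the whole fragment encoded, the parser sees an empty literal followed by a bare word and rejects the statement; with only the value encoded, quote characters in the input stay inside the literal and are compared as data.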