BuildSafe_InClauseTextList  for more than 3 parameter and for sorting
Application Type
Reactive
Service Studio Version
11.53.10 (Build 61105)

Hi Team,

I am trying to remove the warning "Avoid enabling the Expand Inline property of a SQL Query Parameter since it could make your application vulnerable to SQL injection"  using BuildSafe_InClauseTextList and I was able to do with the help of this link and this.

and if I use https://www.outsystems.com/forums/discussion/78877/converting-text-to-textliteral/ this method it is giving an error -> invalid character

but how can I do it if I have more than 3 parameter if that expand inline is YES , should I add 3 BuildSafe_InClauseTextList action for all the parameters which contain expand inline YES ,

please suggest ,


Thanks

Nandini

Hi Nandini, 
if any of the 3 parameters are from an aggregate, instead of passing the values as input.  you can do a sub-query in your AdvancedSQL.
if the parameter values not from aggregates, then its better to use BuildSafe_InClauseTextList ot BuildSafe_InClauseIntegerList.


Thanks

Kavin

mvp_badge
MVP

Hi Nandini,

It would help to understand better your question if you share screenshot of your advances SQL with what type of input parameters you are passing and how you use them in your SQL statement.

Regards,

Daniel

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.