Hi
I am using a SQL query with a where condition. All input parameters have Expand Inline set to Yes, but in AI Mentor Studio I am getting a SQL Injection warning for that. All 4 parameters are simple input parameters. How do I resolve this?
I tried with EncodeSql and VerifySqlLiteral. It's not an IN query; if it were an IN query then I could use build in safe, but here how do I resolve this?
Hi @Arkyadeep Bharadwaj ,
For 3 of them, just don't use expand inline, the MaxRecords and the TableSort are just normal parameters, no need.
For the SearchKeyWord, you'll probably also want to put the expand inline to no, and use an extra boolean, as explained in this page.
The only one you'll probably have to leave expand inline to yes, is the sort attribute, if you want to allow dynamic sorting. This is a matter of making sure that the value can in no way be manipulated by the end user, and then just ignoring the warning, knowing that you are not exposed to injection.
Dorine
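The split described in the answer above, as an added example that is not part of the original thread: the keyword and row limit travel as bound parameters (the equivalent of Expand Inline = No), and the only inlined text is an ORDER BY fragment chosen from a fixed allowlist. It uses Python's sqlite3 as a stand-in for the OutSystems SQL node; the `Product` table, its columns, the sort keys and the exact form of the "extra boolean" are assumptions, since the linked page is not in the thread.

```python
import sqlite3

# Assumed allowlist: user-facing sort keys mapped to fixed SQL fragments.
SORT_COLUMNS = {"name": "Name", "price": "Price", "created": "CreatedOn"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort_key, direction="asc"):
    """Return an ORDER BY fragment built only from allowlisted constants."""
    try:
        column = SORT_COLUMNS[sort_key.strip().lower()]
        order = SORT_DIRECTIONS[direction.strip().lower()]
    except (KeyError, AttributeError):
        # Unknown or malformed input falls back to a fixed default.
        return "Name ASC"
    return f"{column} {order}"


def search_products(conn, search_keyword, sort_key, direction, max_records):
    """Keyword and row limit are bound; only the ORDER BY text is inlined."""
    has_keyword = 1 if search_keyword else 0  # the "extra boolean"
    sql = (
        "SELECT Name, Price FROM Product "
        "WHERE (:has_keyword = 0 OR Name LIKE '%' || :keyword || '%') "
        f"ORDER BY {build_order_by(sort_key, direction)} "
        "LIMIT :max_records"
    )
    params = {"has_keyword": has_keyword, "keyword": search_keyword or "",
              "max_records": int(max_records)}
    return conn.execute(sql, params).fetchall()


def demo_connection():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Product (Name TEXT, Price REAL, CreatedOn TEXT)")
    conn.executemany("INSERT INTO Product VALUES (?, ?, ?)", [
        ("Widget", 9.5, "2024-01-02"),
        ("Gadget", 19.0, "2024-01-01"),
        ("Gizmo", 4.25, "2024-01-03"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(search_products(conn, "ga", "price", "desc", 10))
    print(search_products(conn, "", "Price; DROP TABLE Product", "asc", 2))
```

Because the inlined fragment can only ever be one of the allowlisted constants, the remaining warning on the sort parameter is the one that can be reviewed and accepted.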
But when I change Expand Inline to No for maxrecords and tablerecords, it throws an error. Maybe I have to check what they are trying to pass.
You don't have to wait for others to pass something, just test it with test values.
It will throw an error if maxRecords is 0.
If that is not it, can you share the whole query and the error thrown?