[ODC] - SQL warning injection

Back to Forums

Joel Ponte

Question

Reactive

Security

ODC

Hey,

I would like to know how to get rid this warning on ODC.

Notes:

- This is a table sort and is dynamic, we tried BuildSafe_InClauseTextList, we get rid of the warning but doesn't work (as expected)

- I tried EncodeSQL function and a different warning is poping out "EncodeSql should only be used to escape string literals. Check the EncodeSql documentation to learn how to use this function."

- We are using ODC - Reactive app

Any suggestions?

Many thanks in advance

Joel Ponte

25 Jul 2024

Prince Kumar

Hello @Joel Ponte

I have come across some relevant content that may assist you with your issue. However, I cannot guarantee that it will have the same effect in ODC.

Please check this link and SQL Injections

Regards

Prince

25 Jul 2024

Siya

MVP

Please refer to the discussion on this at https://www.outsystems.com/forums/discussion/73908/best-way-to-solve-warning-using-dynamic-orderby-in-avancesql/

25 Jul 2024

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines