
OutSystems

SQL Injection Warning

Message

Ensure the expand inline argument is protected by using EncodeSql(), or VerifySqlLiteral() from the Sanitization extension, to avoid security flaws.

Cause

The argument named in the warning takes its value from end-user input, so it may contain malicious content.

Recommendation

Do one of the following:

  • Disable the Expand Inline property of the Query Parameter;
  • Use the EncodeSql() built-in function to replace all SQL reserved characters with their escaped counterparts, so that the value can be included in a SQL string;
  • Use the VerifySqlLiteral() function from the Sanitization extension to ensure that the value entered by the end-user only contains valid SQL literals.
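The following is an added example, not OutSystems code, that emulates the three recommendations above in Python against an in-memory SQLite table so the difference between them can be observed. `query_expand_inline()` stands in for an Advanced SQL query whose parameter has Expand Inline enabled; `encode_sql()` and `verify_sql_literal()` are assumed stand-ins that follow the stated intent of EncodeSql() and VerifySqlLiteral(), not the platform's own implementations, and the `Person` rows and the `ALLOWED_SORT_COLUMNS` allow-list are constructed for the example.

```python
"""Added example (not OutSystems code): the recommended mitigations for an
Expand Inline query parameter, emulated over an in-memory SQLite table.
encode_sql() and verify_sql_literal() are stand-ins for the OutSystems
functions EncodeSql() and VerifySqlLiteral(); they follow the documented
intent, not the platform's implementation."""
import re
import sqlite3

# Constructed sample data standing in for an OutSystems entity.
ROWS = [("O'Brien", "admin"), ("Smith", "viewer"), ("Jones", "viewer")]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Person (Name TEXT, Role TEXT)")
    conn.executemany("INSERT INTO Person VALUES (?, ?)", ROWS)
    return conn


def query_expand_inline(name):
    """What the warning flags: Expand Inline = Yes with raw end-user input.
    The value is pasted into the SQL text, so it can change the query's
    structure (or simply break it, as a name containing a quote does)."""
    sql = "SELECT Name FROM Person WHERE Name = '" + name + "'"
    return [r[0] for r in _db().execute(sql)]


def query_parameterized(name):
    """Recommendation 1: Expand Inline = No. The value is bound as a
    parameter and is never interpreted as SQL syntax."""
    rows = _db().execute("SELECT Name FROM Person WHERE Name = ?", (name,))
    return [r[0] for r in rows]


def encode_sql(value):
    """Recommendation 2, stand-in for EncodeSql(): escape the string
    delimiter and wrap the result in quotes so it is always one literal."""
    return "'" + value.replace("'", "''") + "'"


def query_encoded(name):
    """Expand Inline = Yes, but the value passes through encode_sql()."""
    sql = "SELECT Name FROM Person WHERE Name = " + encode_sql(name)
    return [r[0] for r in _db().execute(sql)]


def verify_sql_literal(value):
    """Recommendation 3, stand-in for VerifySqlLiteral(): accept only a
    plain identifier-like token and raise on anything else. The exact
    grammar the OutSystems function accepts is an assumption here."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", value):
        raise ValueError("not a plain SQL literal: %r" % value)
    return value


# Constructed allow-list of columns the caller may sort by.
ALLOWED_SORT_COLUMNS = {"Name", "Role"}


def query_sorted(column):
    """Dynamic ORDER BY is the usual reason Expand Inline is enabled.
    Verify the fragment, then also restrict it to known column names."""
    column = verify_sql_literal(column)
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unknown sort column: %r" % column)
    sql = "SELECT Name FROM Person ORDER BY " + column
    return [r[0] for r in _db().execute(sql)]


if __name__ == "__main__":
    print(query_parameterized("O'Brien"))   # the apostrophe is just data
    print(query_encoded("O'Brien"))         # same result via escaping
    print(query_sorted("Name"))             # validated ORDER BY fragment
```

Note that `query_expand_inline("O'Brien")` raises a syntax error even without any attacker involved, which is the functional symptom behind the security warning; the parameterized and encoded variants return the row, and `query_sorted()` rejects anything that is not an allow-listed column name.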