OutSystems

SQL Injection Warning

Message
Ensure the expand inline argument is protected by using EncodeSql(), or VerifySqlLiteral() from the Sanitization extension, to avoid security flaws.
Cause
The argument named in the warning takes its value from user input, so it may contain malicious content.
Recommendation

If your Parameter is just a string literal, disable the Expand Inline property of the Query Parameter.

Example:

SELECT {entity}.[attribute]
FROM {entity}
WHERE {entity}.[attribute] LIKE @parameter;

where parameter is set to the user-defined Text variable, variable:

parameter = variable
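The difference the recommendation relies on, shown as an added example in Python with an in-memory SQLite table standing in for the entity above (this is not OutSystems code; the table, rows and the two helper functions are constructed here). With Expand Inline enabled the parameter text is pasted into the SQL, so a value containing a single quote breaks the statement; with it disabled the value is bound and handled as data. The two small encode/verify helpers are hypothetical stand-ins that only illustrate the idea behind EncodeSql() and VerifySqlLiteral(), not the behaviour of the Sanitization extension itself.

```python
import sqlite3

# Constructed sample data standing in for {entity}.[attribute].
ROWS = [("alice",), ("O'Brien",), ("bob",)]


def make_db():
    """Create the in-memory stand-in entity and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entity (attribute TEXT)")
    conn.executemany("INSERT INTO entity VALUES (?)", ROWS)
    return conn


def query_expand_inline(conn, parameter):
    """Expand Inline enabled: the parameter text becomes part of the SQL.

    Returns the matched values, or None when the pasted text makes the
    statement fail to parse (the quote in O'Brien ends the literal early).
    """
    sql = ("SELECT entity.attribute FROM entity "
           f"WHERE entity.attribute LIKE '{parameter}'")
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None


def query_bound(conn, parameter):
    """Expand Inline disabled: the parameter is bound, never parsed as SQL."""
    sql = "SELECT entity.attribute FROM entity WHERE entity.attribute LIKE ?"
    return [row[0] for row in conn.execute(sql, (parameter,))]


def encode_sql_literal(value):
    """Hypothetical stand-in for EncodeSql(): double embedded single quotes
    so the value stays inside one SQL string literal when it is inlined."""
    return value.replace("'", "''")


def is_sql_literal_safe(value):
    """Hypothetical stand-in for VerifySqlLiteral(): reject values that
    could close the literal or the statement when inlined."""
    return not any(ch in value for ch in "';")


if __name__ == "__main__":
    db = make_db()
    print(query_bound(db, "O'Brien"))                          # ["O'Brien"]
    print(query_expand_inline(db, "O'Brien"))                   # None
    print(query_expand_inline(db, encode_sql_literal("O'Brien")))  # ["O'Brien"]
    print(is_sql_literal_safe("alice"), is_sql_literal_safe("O'Brien"))
```

Binding (Expand Inline off) is the option to reach for first; the encode and verify helpers only matter when the parameter genuinely has to be expanded inline, for instance to supply a dynamic table or column name, and even then the real EncodeSql()/VerifySqlLiteral() from the Sanitization extension should be used rather than an ad-hoc check like the one above.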