Injection safe call to IAxaptaRecord.ExecuteStmt()

后端未结

关注

 2  619

Is there an injection safe way to call via the axpata business connector

string salesId = someObject.Text;

IAxaptaRecord salesLine = ax.CreateRecord(\"SalesLine


                      
              相关标签:


      
      
        
          2条回答        

        
                         				            
            
           
            
                              
                
              
              
                
                  [愿得一人]        
                
              
                            
                2021-01-21 22:03
              
            
            
                                                                       
There is no way to be sure you have covered all cases ...

Using ExecuteStmt is most likely the wrong approach. You should write your select or whatever in an Axapta method (with parameters) then call that method.
                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
            
           
            
                              
                
              
              
                
                  我在风中等你        
                
              
                            
                2021-01-21 22:16
              
            
            
                                                                       
you should do a replace on ' to \'
e.g.

string salesId = someObject.Text.Replace("'", "\\'");

                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
                             
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复