jgehling
(Jeff Gehling)
December 10, 2018, 11:35pm
1
Hello,
I am aware of SQL hardening enhancements in 10.2.300, however I have a calculated column that is just:
sum( (PartWhse.OnHandQty-PartWhse.AllocatedQty-PartWhse.ReservedQty-PartWhse.PickingQty-PartWhse.PickedQty) )
When checking the syntax I get an error “Possible SQL injection”
Is there a workaround for this? Thanks!
1 Like
Olga
(Olga Klimova)
December 11, 2018, 12:29am
2
Why do you use double ((?
1 Like
jgehling
(Jeff Gehling)
December 11, 2018, 2:23am
3
Typo, even singles do not work
Olga
(Olga Klimova)
December 11, 2018, 4:08am
4
Why do you think this string is exactly the problem? Maybe something else there? Like comments /**/?
jgehling
(Jeff Gehling)
December 11, 2018, 5:12am
5
I deleted all calculated field expressions and then tested each expression one by one. This is the only expression that gives this error.
Did you inspect the app server log for the detailed SQL error?
2 Likes
This is a shot in the dark, but I typically use spaces between fields and operators. I avoid parentheses unless required (order of operations should work).
In your case I would put spaces between the fields and the minus sign.
You may also want to test it without the SUM (just to clarify the issue further).
3 Likes
jgehling
(Jeff Gehling)
December 11, 2018, 4:33pm
8
@Dmitry_Kashulin the error in the Epicor Windows event log is:
“Possible SQL injection: ‘----) )’.
sum( (----) )”
@Jason_Woods I’ll try that
jgehling
(Jeff Gehling)
December 11, 2018, 4:38pm
9
@Jason_Woods THE SPACES FIXED THE ISSUE
Thanks!
We are aware of this bug. It is fixed in 10.2.300.2.
Sorry for the inconvenience.
2 Likes
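The event-log message in the thread (`sum( (----) )`) suggests the column references were removed before the expression was scanned, leaving adjacent minus signs that look like a SQL `--` comment. The sketch below is an added example, not Epicor's code: `naive_check` is a hypothetical reconstruction of that behaviour, assumed only from the log text, and `token_check` is one way to scan the original expression token by token so that subtraction between columns is not flagged.

```python
import re

# Constructed inputs: the expression from the thread, without and with spaces.
TIGHT = ("sum( (PartWhse.OnHandQty-PartWhse.AllocatedQty-PartWhse.ReservedQty"
         "-PartWhse.PickingQty-PartWhse.PickedQty) )")
SPACED = TIGHT.replace("-", " - ")

IDENT = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*")
COMMENT_TOKENS = ("--", "/*", "*/", ";")

def naive_check(expr):
    """Hypothetical checker: drop Table.Column references, then search
    the residue for comment/terminator tokens (assumed from the log)."""
    residue = IDENT.sub(lambda m: "" if "." in m.group() else m.group(), expr)
    return residue, any(tok in residue for tok in COMMENT_TOKENS)

# One token per match; comment tokens are tried before single operators.
TOKEN = re.compile(
    r"\s*(?:(?P<comment>--|/\*|\*/|;)"
    r"|(?P<ident>[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)"
    r"|(?P<num>\d+(?:\.\d+)?)"
    r"|(?P<op>[-+*/(),]))"
)

def token_check(expr):
    """Scan the original text; flag only real comment tokens or
    characters outside the small expression grammar above."""
    expr, pos, flagged = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:                      # unknown character: reject the rest
            flagged.append(expr[pos:].strip())
            break
        if m.group("comment"):
            flagged.append(m.group("comment"))
        pos = m.end()
    return flagged

if __name__ == "__main__":
    print(naive_check(TIGHT))    # residue matches the log message, flagged
    print(naive_check(SPACED))   # spaces break up the "--", not flagged
    print(token_check(TIGHT), token_check("sum(PartWhse.OnHandQty) -- x"))
```
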