So, apparently I have a calculated field in a BAQ that was OK in 2025.1, but it’s failing in our PILOT 2025.2 system. When I analyze the query, it’s giving a “Possible SQL Injection” error.
I’ve got a BAQ that’s accumulating quote data, and I’m linking to the Memo table to get memos from both the Header and the Detail. Rather than having a “Header Memo” field in the dashboard along with a “Detail Memo” field, I am combining them into one field via a calculated field. What I’m doing is if both fields have data in them, I WAS listing them both with the header prefixed with “(Header)”, and the line prefixed with “—(Line)”, and the memo description concatenated. The Calculated field was as follows:
(case when Memo.MemoDesc > '' and MemoDtl.MemoDesc > ''
and Memo.MemoDesc <> MemoDtl.MemoDesc then
'(Header) ' + Memo.MemoDesc + ' ---(Line) ' + MemoDtl.MemoDesc
else
(case when Memo.MemoDesc > '' then
Memo.MemoDesc
else
MemoDtl.MemoDesc end) end)
The three dashes that were hardcoded in the calculated field was what was causing the “Possible SQL Injection” error (technically, two dashes would’ve caused the error). It was there just for readability, so the result would look something like this:
(Header) Header memo description here ---(Line) Detail memo here.
I just removed the three dashes in the calculated field, and the error went away.
Figured I’d share here in case someone has the same issue.
we have a calculated field that is searching for semi colons to distinguish if a field has one or multiple email addresses in.