How to escape strings in workflow for Query
We have a workflow that does a query that was developed by a consultant. I have recently discovered that it does not seem to escape the ' in the string that the user enters into a form.
Luckily this is only used internally so it should not be subject to malicious attacks. However, I would like to fix it quickly. What is the recommended way to escape strings that users input that are then put into queries?
Hi James,
At some point after your display form, you will want to use an Assign activity and a string.replace to substitute a single quote for a double single quote (not a double quote).
For example:
displayFormOut.ToString.replace("'", "''")
I hope this helps!
Thanks,
Danny
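The effect of the quote doubling described in the answer above, as an added example that is not part of the original thread or of the workflow product. It assumes the workflow's query is SQL; an in-memory SQLite table, the `staff` table and all function names are constructed for illustration, and a bound parameter is shown next to the escaped string for comparison.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite table stands in for the
# workflow's real data source (assumption: the query language is SQL).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, dept TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?)",
                   [("O'Brien", "Finance"), ("Smith", "IT")])
    return db

def escape_quotes(value):
    # Same operation as displayFormOut.ToString.replace("'", "''")
    return value.replace("'", "''")

def lookup_concat(db, name, escape):
    # String-built query, as in the workflow; 'escape' toggles the fix.
    if escape:
        name = escape_quotes(name)
    sql = "SELECT dept FROM staff WHERE name = '" + name + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # The stray quote ends the literal early and the statement no longer parses.
        return "error: " + type(exc).__name__

def lookup_bound(db, name):
    # Bound parameter: the driver keeps the value out of the SQL text,
    # so no escaping step can be forgotten.
    return [row[0] for row in db.execute(
        "SELECT dept FROM staff WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    form_input = "O'Brien"  # constructed form value containing a quote
    print(lookup_concat(db, form_input, escape=False))
    print(lookup_concat(db, form_input, escape=True))
    print(lookup_bound(db, form_input))
```

Whether the workflow's query activity accepts bound parameters depends on the product; where it does, binding avoids relying on every input being passed through the replace step.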