- Tue Jul 27, 2021 1:05 am
#829402
Hi,
I encountered a problem while using the API.
I used the dropdown list in dynamic forms and wrote a query for it to list cities by state, as follows:
select id , name from sys_cities where parent_id =@#FK_ProvinceID ORDER BY `name`
But when using the web service, it becomes SQL injection, as follows:
url : api/1.0/workflow/project/3810212626028ab03488017019616799/process-variable/FK_CityID/execute-query
parameters :
{"FK_ProvinceID":"81971 union select usr_uid , usr_lastname from USERS","field_id":"FK_CityID","dyn_uid":"5566238366028af11c92f01059083231","app_uid":"26563220960fe7cd17ea610010200362","del_index":1}
Are there any settings to solve this problem?
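An added example, not part of the original post and not ProcessMaker code: the dropdown query from the post run once with the request value concatenated into the SQL text and once with the value validated as an integer and bound as a parameter. It assumes an in-memory SQLite database as a stand-in for the workflow database, constructed sample rows, and hypothetical function names; the backticks around `name` are dropped for SQLite.

```python
import re
import sqlite3

# Payload string quoted from the post; everything else here is constructed.
PAYLOAD = "81971 union select usr_uid , usr_lastname from USERS"
# The post's dropdown query, with {} where @#FK_ProvinceID is substituted.
QUERY = "select id, name from sys_cities where parent_id = {} ORDER BY name"

def make_db():
    """In-memory SQLite stand-in (assumption) with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sys_cities (id INTEGER, name TEXT, parent_id INTEGER);
        CREATE TABLE USERS (usr_uid TEXT, usr_lastname TEXT);
        INSERT INTO sys_cities VALUES (1, 'Alpha', 81971);
        INSERT INTO sys_cities VALUES (2, 'Beta', 81971);
        INSERT INTO sys_cities VALUES (3, 'Gamma', 5);
        INSERT INTO USERS VALUES ('uid-0001', 'Admin');
    """)
    return db

def cities_concatenated(db, province_id):
    """Before: the request value becomes part of the SQL text."""
    return db.execute(QUERY.format(province_id)).fetchall()

def cities_bound(db, province_id):
    """After: accept only a plain integer, then pass it as a bound parameter."""
    text = str(province_id).strip()
    if not re.fullmatch(r"[0-9]{1,18}", text):
        raise ValueError("FK_ProvinceID must be an integer")
    return db.execute(QUERY.format("?"), (int(text),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", cities_concatenated(db, PAYLOAD))
    print("bound, valid id:", cities_bound(db, "81971"))
    try:
        cities_bound(db, PAYLOAD)
    except ValueError as exc:
        print("bound, payload rejected:", exc)
```

With the concatenated form the USERS row comes back among the cities; with the bound form the same request value is rejected before any SQL runs.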