cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
harfmt
Nintex Newbie

Workflow o365 Execute SQL not escaping parameters

We're getting a warning in our cloud sql database that Nintex is not escaping parameters when it's querying:

 

SELECT Job FROM <table> WHERE Site = '‍{Variable:varDBSite}‍'

 

Errors when a site name with a quote is passed:

 

SELECT Job FROM <table> WHERE Site = 'Rocky's Reward'

 

On-prem offers the option, however it looks like o365 doesn't? Is there a solution?

Labels: (1)
Tags (1)
0 Kudos
Reply
2 Replies
Nintex Employee
Nintex Employee

Re: Workflow o365 Execute SQL not escaping parameters

Hi,
Unfortunaley I do not have a solution for you but I just wanted to warn you about putting special characters into your site names. You will experience a lot more problems than just this. I have seen basic things like SharePoint online behaving differently between classic and Modern view just because of the apostraphe messing up the URL in Modern view.

0 Kudos
Reply
harfmt
Nintex Newbie

Re: Workflow o365 Execute SQL not escaping parameters

@SimonMuntz  Sorry I shouldn't have used the term 'Site'. It's not a sharepoint site. Anything that I have control of doesn't have special characters or spaces in them. This is the name of one of our mining sites.

 

The name 'Rocky's Reward' comes out of the sql database like this with the apostrophe. the 365 workflow sql query needs to be able to escape special characters like it did on-prem. Or we need a work around at the very least. 

0 Kudos
Reply