Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Table of Contents
Warning | ||
---|---|---|
| ||
When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query! Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable. Example of VULNERABLE query: SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#' To fix this, use ?sql hash variable escape: SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#' |
JDBC Datalist Database Binder gives you the flexibility of designing a datalist by using your own custom SQL queries and database connection.
...