Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Fetch XML - prevent sq...
Microsoft Dynamics CRM (Archived)

Fetch XML - prevent sql injection

(0) ShareShare
ReportReport
Posted on by Community Member Microsoft Employee

Hello

I am generating fetch xml queries in my server side code

I want to escape characters for <filter condition="like"...>

What should I do?

*This post is locked for comments

  • Suggested answer
    LuHao Profile Picture
    LuHao 40,872 on at
    RE: Fetch XML - prevent sql injection

    Hi Amir,

    Could you provide your question background?

    <filter condition="like"...>

    can be converted into 

    WHERE column_name LIKE ...

    Hope this helps.

    Best Regards,

    Lu Hao

  • Suggested answer
    gdas Profile Picture
    gdas 50,085 on at
    RE: Fetch XML - prevent sql injection

    Hi Amir,

    Can you please elaborate what is your requirement ? why you want to escape those characters ? Normally FetchXML are executed by internal dynamics CRM request method , so for me you don't need to worry about SQL injection in Dynamics CRM.  

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans