
Does queryResult (Rest API method) escape ROQL queries?

edited Feb 20, 2018 11:47AM in Integrations and APIs


Hi there,

I am calling: this rest endpoint. We are sending in the following query (url encoded):

SELECT *
FROM Contacts
WHERE Contacts.Emails.Address = '`+email+`' LIMIT 1

Where email is entered by the client and is thus potentially dangerous. I've tried escaping any single quotes present in email with another single quote (as recommended elsewhere on the forums), however I get a 400 bad request, so am I correct in assuming that I can defer the escaping and assume the REST endpoint will handle that?


Thanks
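
An added example, not part of the original post or of the product's documentation: since the page does not establish whether the endpoint escapes the value, this sketch refuses any email outside a strict allowlist before it is concatenated into the ROQL string, then URL-encodes the whole query. The function names and the allowlist pattern are assumptions made for illustration; the pattern deliberately rejects apostrophes even though they are legal in an email local part.

```javascript
// Added example (hypothetical helper names). Validate first, concatenate second.
// Allowlist: letters, digits and . _ % + - in the local part; a dotted hostname.
// Quotes, backslashes, whitespace and control characters never match.
const EMAIL_ALLOWLIST = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function validateEmail(email) {
  if (typeof email !== 'string') {
    throw new TypeError('email must be a string');
  }
  const trimmed = email.trim();
  if (trimmed.length === 0 || trimmed.length > 254) {
    throw new RangeError('email length out of range');
  }
  if (!EMAIL_ALLOWLIST.test(trimmed)) {
    throw new Error('email contains characters outside the allowlist');
  }
  return trimmed;
}

// Builds the query from the post, but only from a validated value.
function buildContactQuery(email) {
  const safe = validateEmail(email);
  return `SELECT * FROM Contacts WHERE Contacts.Emails.Address = '${safe}' LIMIT 1`;
}

// URL-encodes the finished query for use as the "query" parameter.
function buildQueryParam(email) {
  return 'query=' + encodeURIComponent(buildContactQuery(email));
}

// Wrapper that reports rejection instead of throwing, for request handlers.
function tryBuild(email) {
  try {
    return { ok: true, param: buildQueryParam(email) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs.
console.log(tryBuild('jane.doe@example.com'));
console.log(tryBuild("o'brien@example.com"));
console.log(tryBuild("a@b.com' OR '1'='1"));
```

Rejected input should be answered with a validation error to the client rather than forwarded to the endpoint.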
