Hello everyone,

I am trying to convert String concatenated SQL to prepared SQL statements, wherein I could not figure out the correct use of the *sqlSearch* argument.
Find it here: https://demo.mifos.io/api-docs/apiLive.htm#groups_list

*Problem:* I tried various values for sqlSearch:

- accountNo = 1010101 (error, SQL injection exception)
- display_name like "%x%" (works)
- display_name like "%x%" and display_name like "%x%" (error, SQL injection exception)

Are we trying to accept only a few types of operators and only a single condition? Or is this result not as expected and requires a fix?

-Thanks
Manthan
