Thanks Manthan,

I vote for "No objection". I have read the description here https://issues.apache.org/jira/browse/FINERACT-1095 and it is detailed enough for one to agree with the writer.

These are some of the reasons why I love using Mifos (quality improvement every day).

My Kind Regards
Francis Guchie Kirago
*Skype:* francisguchie
*Whatsapp:* 232 79 19 44 07
*LINKEDIN:* https://www.linkedin.com/in/francis-guchie-kirago-a4379617/
twitter: @FrancisGuchie

On Wed, Jul 22, 2020 at 11:59 PM Michael Vorburger <[email protected]> wrote:

> Manthan,
>
> Thanks for raising this:
>
> On Sat, Jul 18, 2020 at 10:18 PM Manthan Surkar <[email protected]> wrote:
>
>> Hello everyone,
>>
>> I am trying to convert String concatenated SQL to prepared SQL statements,
>
> just an FYI to others, the background here is
> https://issues.apache.org/jira/browse/FINERACT-854.
>
>> wherein I could not figure out the correct use of *sqlSearch* argument.
>>
>> Find it here: https://demo.mifos.io/api-docs/apiLive.htm#groups_list
>>
>> *Problem:*
>> I tried various values for sqlSearch:
>> accountNo = 1010101 (error, SQL injection exception)
>> display_name like "%x%" (works)
>> display_name like "%x%" and display_name like "%x%" (error, SQL injection exception).
>>
>> Are we trying to accept only a few types of operators and only a single
>> condition? Or is this result not as expected and requires a fix?
>
> I debugged this, and something like
> https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true&sqlSearch=c.account_no=000000003&tenantIdentifier=default
> works ...
>
> ... BUT - this is all wrong! :( I was quite surprised to "discover" the
> sqlSearch query parameter of the API, thanks to your question here. It's...
> bad, IMHO.
>
> https://issues.apache.org/jira/browse/FINERACT-1095 proposes to *REMOVE*
> sqlSearch support from the Fineract API. Does anyone have any objections?
>
> If nobody objects to the API removal, and we ideally get some +1 votes of
> support, then (ideally) we would need to replace 2 usages of sqlSearch in
> the community-app UI. Is anyone reading this motivated to help with that?
>
> M.
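The conversion discussed in this thread, as an added example that is not from the thread or from Fineract's code: a free-form `sqlSearch` fragment can only be concatenated into the statement, while named filters checked against an allow-list can be bound as prepared-statement parameters. Python with an in-memory SQLite table is used so it runs stand-alone; the `client` table, its rows, the `office_id` scope and the filter names are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample table and rows, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client (account_no TEXT, display_name TEXT, office_id INTEGER)")
    db.executemany("INSERT INTO client VALUES (?, ?, ?)", [
        ("000000001", "Alice Ade", 1),
        ("000000002", "Bob Xavier", 1),
        ("000000003", "Carol Xu", 2),
    ])
    return db

BASE = "SELECT account_no FROM client WHERE office_id = ?"

def search_concatenated(db, office_id, sql_search):
    # "Before": the caller's text is spliced in and parsed as SQL grammar.
    sql = BASE + " AND " + sql_search + " ORDER BY account_no"
    return [row[0] for row in db.execute(sql, (office_id,))]

# Hypothetical filter names mapped to fixed SQL text; values are only ever bound.
FILTERS = {
    "accountNo": "account_no = ?",
    "displayNameContains": "display_name LIKE ? ESCAPE '\\'",
}

def like_pattern(text):
    # Escape LIKE wildcards so the supplied text is matched literally.
    for ch in ("\\", "%", "_"):
        text = text.replace(ch, "\\" + ch)
    return "%" + text + "%"

def search_prepared(db, office_id, filters):
    # "After": the statement text is built from the allow-list alone.
    clauses, params = [], [office_id]
    for name, value in filters.items():
        if name not in FILTERS:
            raise ValueError("unsupported filter: " + name)
        clauses.append(FILTERS[name])
        params.append(like_pattern(value) if name == "displayNameContains" else value)
    sql = BASE + "".join(" AND " + c for c in clauses) + " ORDER BY account_no"
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    fragment = "account_no = '000000001' or office_id = 2"
    print(search_concatenated(db, 1, fragment))             # OR escapes the office filter
    print(search_prepared(db, 1, {"accountNo": fragment}))  # same text is just a value
    print(search_prepared(db, 1, {"displayNameContains": "x"}))
```

In the concatenated form the `or` in the caller's text changes which rows the office filter covers; in the prepared form the same text is compared to `account_no` as a plain string and matches nothing.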
