Community

All Communities

Products

ArcGIS Pro ArcGIS Survey123 ArcGIS Online ArcGIS Enterprise Data Management ArcGIS Experience Builder Geoprocessing ArcGIS Web AppBuilder ArcGIS Field Maps ArcGIS Dashboards ArcGIS StoryMaps All Products Communities

Industries

Education Water Resources State & Local Government Transportation Gas and Pipeline Water Utilities Roads and Highways Telecommunications Natural Resources Imagery and Remote Sensing Insights (IRIS) COP Electric All Industries Communities

Developers

Python JavaScript Maps SDK Native Maps SDKs ArcGIS API for Python ArcGIS Pro SDK ArcObjects SDK Developers - General ArcGIS REST APIs and Services ArcGIS Online Developers Game Engine Maps SDKs File Geodatabase API All Developers Communities

Global

Comunidad Esri Colombia - Ecuador - Panamá ArcGIS 開発者コミュニティ Czech GIS ArcNesia Europe Asia Pacific Americas Esri India Comunidad GEOTEC GeoDev Germany ArcGIS Content - Esri Nederland All Global Communities

All Communities

Developers User Groups Industries Services Community Resources Global Events Learning Networks ArcGIS Topics Products View All Communities
ArcGIS Ideas
GIS Life
Community Resources

Community Help Documents

Community Blog

Community Feedback

Member Introductions

All Community Resources

Select to view content in your preferred language

Parameterized/safe queries for QueryTask?

2020

0

10-26-2010 07:51 AM

by

Is there any way to build 'safe' queries with a QueryTask? The documentation for the WhereClause property says

"A where clause for the query. Any legal SQL where clause operating on the fields in the layer is allowed, for example: where=POP2000 > 350000"

But sending a where clause as a string built from user input that gets blindly executed seems ripe for a SQL injection attack. Sure I can sanitize the input but that's a lot of work and could possibly prevent legit queries from being accepted on text fields.

0 Replies