Visual Builder

Get Involved. Join the Conversation.

Topic

    Jaeyshree Kumaran
    Rest end point with parameter value containing single quote...Answered
    Topic posted May 23, 2019 by Jaeyshree KumaranRed Ribbon: 250+ Points, last edited May 23, 2019, tagged Business Objects, Custom Code, Database, REST, SaaS Integration, Security, Services, Stage / Publish / DevOps, Validation, Web 
    72 Views, 4 Comments
    Title:
    Rest end point with parameter value containing single quote is not working
    Summary:
    When Business object rest endpoint is queried with parameter value containing single quote, bad request error is throwed
    Content:

    I have a Business object containing details of collections. I have to retrieve rows from the BO by passing collection names as parameters. I have formed the query parameter for the collections BO rest end point. One of the collection value contains single quote in its name.

    https://xxxxxxxx-xxxxxxx.builder.ocp.oraclecloud.com/ic/builder/design/xxxxxx/1.0/resources/data/xxxx?limit=2000&offset=0&onlyData=true&q=collection IN ('Prive'','Enchant')

    When I pass the parameter with single quote I receive bad request error. 

    If i try using LIKE parameter, the BO gets queried for many values like Enchant along with Enchant less. Also the query parameter length increases which is another disadvantage.

    https://xxxxxxxx-xxxxxxx.builder.ocp.oraclecloud.com/ic/builder/design/xxxxxx/1.0/resources/data/xxxx?limit=2000&offset=0&onlyData=true&q=collection LIKE '%Prive'%' or collection LIKE '%Enchant%'

    When I try to encode Prive' becomes Prive%27 and on hitting the URL it becomes Prive%2527

    Best Comment

    Shay Shmeltzer

    The solution is to use 3 ' in these cases.

    So something like - ...resources/data/Department?q=department='Sales''' or department='IT'

     

    Comment

     

    • Shay Shmeltzer

      If I use a filter criteria to define a query in a page for a value in a field that is Sales'

      The REST call that is being generated is:

      1.0/resources/data/Department?q=department%20%3D%20%27Sales%27%27

      From postman you can write it as:

      .../1.0/resources/data/Department?q=department like '%ales''

      note that at the end it is ' followed by another ' 

      • Jaeyshree Kumaran

        Hi Shay,

        For the rest calls, if I try to pass any value next to Sales' , I receive bad request error 

        q=department = 'Sales'' or department = 'HR' 

        q=department like 'Sales'' or department like 'HR' 

        but when I have the Sales' as last parameter value I am getting the result 

        q=department = 'HR' or department = 'Sales''

        q=department like 'HR' or department like 'Sales''

        Also I receive error when both of my parameter values have ' 
        q=department like 'HR'' or department like 'Sales''
         
        If I use % as in '%ales'' I may get some similar values that end with %ales', which will give me wrong results.
        • Shay Shmeltzer

          I can reproduce this and it seems like a bug - please contact Oracle Support to open a service request and ask then to associate it with bug 29826997

        • Shay Shmeltzer

          The solution is to use 3 ' in these cases.

          So something like - ...resources/data/Department?q=department='Sales''' or department='IT'