SAP Gateway oData service with long string

I am developing a SAPUI5 application consuming oData services with SAP Gateway. I have implemented a search functionality which is producing a SQL where condition. One part of the condition looks like follows: ... OR DESCRIPTION LIKE '%searchString%'... . In my database table I have a field DESCRIPTION which is of type LCHR length 32000. The only problem is that the field DESCRIPTION cannot be in WHERE clause.

What would be a correct approach of searching long strings in database table via oData services? Do I need to hardcode the search functionality or is there some cleaner way?

Thank you very much.

1 answer

  • answered 2018-01-05 14:31 Francesco Iannazzo

    please provide more information what are you exactly doing? Are you creating a WHERE clause in the UI5 application and sending that to an Odata service ? If yes don't do that ! This would be a security issue, because of SQL injection. From the the UI5 application, you should only call an odata service and pass a filter to it for e.g. /OdadaEntitySet?filter=searchString. Plase take a look into sapui5 documentation for the read method https://sapui5.hana.ondemand.com/#/api/sap.ui.model.odata.v2.ODataModel/methods/read.

    This filter than must be interpreted from the Gateway system and the gateway system then can construct the WHERE clause. Unfortunately I'm not a gateway developer.