SAP Gateway oData service with long string

I am developing a SAPUI5 application consuming oData services with SAP Gateway. I have implemented a search functionality which is producing a SQL where condition. One part of the condition looks like follows: ... OR DESCRIPTION LIKE '%searchString%'... . In my database table I have a field DESCRIPTION which is of type LCHR length 32000. The only problem is that the field DESCRIPTION cannot be in WHERE clause.

What would be a correct approach of searching long strings in database table via oData services? Do I need to hardcode the search functionality or is there some cleaner way?

Thank you very much.

1 answer

  • answered 2018-01-05 14:31 Francesco Iannazzo

    please provide more information what are you exactly doing? Are you creating a WHERE clause in the UI5 application and sending that to an Odata service ? If yes don't do that ! This would be a security issue, because of SQL injection. From the the UI5 application, you should only call an odata service and pass a filter to it for e.g. /OdadaEntitySet?filter=searchString. Plase take a look into sapui5 documentation for the read method

    This filter than must be interpreted from the Gateway system and the gateway system then can construct the WHERE clause. Unfortunately I'm not a gateway developer.