SQL Injections Using Generic Programming
Generic programming is the most unsafe of all dynamic programming techniques. In principle, ABAP statement injections cover all individual security risks that can occur in dynamic programming, and most significantly SQL injections. The more generic the programming, the more difficult it is to prevent SQL injections from exploiting input that originates outside the program.
Example ABAP Coding
The following program section demonstrates static embedding of Native SQL in a program generated using GENERATE SUBROUTINE POOL. Before ADBC was introduced, this was the only way of creating dynamic parts in Native SQL. In the case in question, the input key must be escaped using the method ESCAPE_QUOTES of the class CL_ABAP_DYN_PRG to prevent SQL injections. In a more realistic example, of course, host variables would be the preferred method.
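A sketch of the pattern described above, written for this page as an added example and not SAP's own example source. The report name, the form name SELECT_CARRIER and the use of the flight demo table SCARR are assumptions.

```abap
REPORT z_demo_gen_native_sql.  " hypothetical report name

" External input. SCARR (flight demo model) is an assumption of this example.
PARAMETERS p_key TYPE string LOWER CASE.

START-OF-SELECTION.
  " Double every single quote so the input cannot terminate the
  " SQL literal it is embedded in.
  DATA(key) = cl_abap_dyn_prg=>escape_quotes( p_key ).

  " Source code of the subroutine pool. The Native SQL statement is
  " static inside the generated program, with the key as a literal.
  " Native SQL has no implicit client handling, so MANDT is explicit.
  DATA(source) = VALUE string_table(
    ( `PROGRAM.` )
    ( `FORM select_carrier.` )
    ( `  DATA name TYPE c LENGTH 20.` )
    ( `  EXEC SQL.` )
    ( `    SELECT carrname INTO :name FROM scarr` )
    ( `      WHERE mandt = '` && sy-mandt && `'` )
    ( `        AND carrid = '` && key && `'` )
    ( `  ENDEXEC.` )
    ( `  WRITE / name.` )
    ( `ENDFORM.` ) ).

  DATA: prog TYPE string,
        mess TYPE string.

  " Generation fails on syntax errors, for example when the input
  " makes a generated source line too long.
  GENERATE SUBROUTINE POOL source NAME prog MESSAGE mess.
  IF sy-subrc <> 0.
    WRITE / mess.
    RETURN.
  ENDIF.

  PERFORM ('SELECT_CARRIER') IN PROGRAM (prog) IF FOUND.
```

With a host variable (`carrid = :key`, the key passed to the form as a parameter), the input never becomes part of the generated source and no escaping is needed.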