Hi,
I have a use case where a dynamic SQL query is constructed from user input to the controller action method.
Even the TableName and ColumnName are inputs to the action. The query is constructed as below.
sqlQuery.Append("SELECT * From public.\"" + tableName + "\" WHERE \"" + attributeName + "\" = @attributeValue");
No issue with implementation. But SonarQube raises the critical error below.
Change this code to not construct SQL queries directly from user-controlled data
Please suggest how I can solve it. None of the compliant solutions solve the issue.
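The usual way to keep user-chosen table and column names out of the SQL text is to treat them as a selection among identifiers the application already knows, rather than as text to splice in. Below is an added example, not the poster's code and not SonarSource's: the request values are matched against a fixed allow-list, the identifier actually placed in the query is the allow-list's own entry, and the attribute value stays a bound parameter. The table and column names in the allow-list are made-up placeholders for whatever schema the application exposes; `Npgsql` is assumed because of the `public.` schema prefix.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Added example: dynamic table/column selection without putting
// request data into the SQL string. The identifiers below are
// assumed placeholders; replace them with the real schema.
public static class SafeDynamicQuery
{
    // Tables the action is allowed to query, and the columns that may
    // appear in the WHERE clause for each of them.
    private static readonly Dictionary<string, HashSet<string>> AllowedColumns =
        new Dictionary<string, HashSet<string>>(StringComparer.Ordinal)
        {
            ["customers"] = new HashSet<string>(StringComparer.Ordinal) { "id", "email", "city" },
            ["orders"]    = new HashSet<string>(StringComparer.Ordinal) { "id", "customer_id", "status" },
        };

    // Returns the allow-list's own copy of the table name (not the request
    // string), or throws when the request names a table we do not expose.
    public static string ResolveTable(string requestedTable)
    {
        foreach (var table in AllowedColumns.Keys)
        {
            if (table == requestedTable)
                return table;
        }
        throw new ArgumentException("Unknown table: " + requestedTable);
    }

    // Same idea for the column: the result is always one of our constants.
    public static string ResolveColumn(string table, string requestedColumn)
    {
        foreach (var column in AllowedColumns[table])
        {
            if (column == requestedColumn)
                return column;
        }
        throw new ArgumentException("Unknown column: " + requestedColumn);
    }

    // PostgreSQL identifier quoting: wrap in double quotes and double any
    // embedded double quote. Only ever applied to allow-listed names.
    private static string QuoteIdentifier(string identifier) =>
        "\"" + identifier.Replace("\"", "\"\"") + "\"";

    // Builds the statement text. Every piece of it is either a literal or an
    // allow-list constant; the attribute value is left as a parameter.
    public static string BuildSelect(string requestedTable, string requestedColumn)
    {
        var table = ResolveTable(requestedTable);
        var column = ResolveColumn(table, requestedColumn);

        var sql = new StringBuilder();
        sql.Append("SELECT * FROM public.").Append(QuoteIdentifier(table))
           .Append(" WHERE ").Append(QuoteIdentifier(column))
           .Append(" = @attributeValue");
        return sql.ToString();
    }
}

// Usage in the action, assuming an open NpgsqlConnection named conn and the
// three request inputs tableName, attributeName and attributeValue:
//
//   using var cmd = new Npgsql.NpgsqlCommand(
//       SafeDynamicQuery.BuildSelect(tableName, attributeName), conn);
//   cmd.Parameters.AddWithValue("attributeValue", attributeValue);
//   using var reader = cmd.ExecuteReader();
```

Rejecting anything outside the allow-list is what makes this safe: a request naming a table or column the application never meant to expose fails with an exception before any SQL is built, instead of being quoted and run.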