ABAP Keyword Documentation → ABAP - Security Notes → Security Risks Caused by Input from Outside

SQL Injections

An SQL injection is a widely used attack method on insufficiently secure input from outside. An SQL injection passes malicious SQL code injected into a program to the database system, unchecked and unmasked. In ABAP, this can occur when the following programming techniques are used:

Dynamically specified tokens in Open SQL

Use of ADBC

Use of Object Services

Generic programming

Other versions: ~~7.31~~ | 7.40 | 7.54

Continue

SQL Injections Using Dynamic Tokens

SQL Injections Using ADBC

SQL Injections Using Object Services

SQL Injections Using Generic Programming