Database Formulas

Before enabling formula conversion to SQL please consider the following information:

Protect your data from unauthorized SQL injection

This feature converts some Exago formulas to SQL—e.g.,  If(a, b, c) would be converted to CASE WHEN a THEN b ELSE c ENDso that they can be evaluated in the database for improved performance. During this process, function arguments are inserted into the SQL as-is, and without proper precautions, users could potentially inject malicious SQL into formulas in order to modify or view unauthorized data.

Warning: Please contact your database administrator to ensure that the connection string has read-only access. Do not enable formula conversion to SQL without a restricted connection string for each accessible source.

Test for data inconsistencies

There are innate differences between how Exago and databases evaluate formulas. Equivalent formulas may return inconsistent data in some situations. Mathematical equations may have differing levels of precision, which can alter the result. Date functions are known to have some divergent behavior as well.

Test this feature in a staging environment to ensure that there are no material abnormalities in formula output. If you are experiencing issues, either disable this feature or consider editing the function conversion table to better reflect your desired output:


Hidden Article Information

Article Author
Exago Development
created 2018-07-12 19:58:06 UTC
updated 2019-04-19 19:06:31 UTC

security, injection, sql, warning, inject, evaluation, equation,
Have more questions? Submit a request