Hi,technically yes, if you don't check your parameters, you can insert
unwanted values into your query. But then the effect is always limited,
because before the result is delivered to you, every item is checked
against the ACLs, so no you cannot get data you are not allowed to
read.If you need more detailled answers (or for some reasons official
answers), please raise a Daycare ticket.Jörg