Who is this article for?

Users whose queries don't return the expected results.

No elevated access or permissions are required.

Incorrectly including an ampersand (&) in the WHERE clause of a query string does not cause an error, but the API ignores that part of the condition and returns the full result set. This article contains a use case to help illustrate the issue.

1. Example

1. Example

The following query string will return a result set containing all Findings belonging to the Audit 'Head Office Accounts Payable', and that also have a title 'My Test Finding'.

finding? Select=title,parentaudit.title&where=parentaudit.title="Head%20Office%20Accounts%20Payable"%20AND%20title="My%20Test%20Finding"

However, if & is used in place of a % before the AND, the API will return all Findings belonging to the Audit 'Head Office Accounts Payable'.  It will ignore the second condition in the WHERE statement.

finding? Select=title,parentaudit.title&where=parentaudit.title="Head%20Office%20Accounts%20Payable"&20AND%20title="My%20Test%20Finding"

Ref:  VIS_API-108