If you have the following database connection options switched on, users can execute any SQL Server query using user defined filter.
So switch off:
- Literals in join queries from forms and reports
- Literals in complex joins from X++
Dont't use forceLiteras in production environment.
It can affect performance but will protect your data