To prevent SOQL injection
- johnsontitus
- May 12, 2020
- 1 min read
Updated: May 20, 2020
Use the following:
SOQL injection - an attacker supplies input that changes the query your Apex code builds, gaining access to otherwise restricted data in your org.
To prevent SOQL injection:
Static queries with bind variables (the bound value can never change the structure of the query)
List<Contact> queryResult = [SELECT Id FROM Contact WHERE FirstName = :var];
String.escapeSingleQuotes() (for dynamic queries built from strings)
Eg:
String s = '\'Hello Jason\'';
System.debug(s); // Outputs 'Hello Jason'
String escapedStr = String.escapeSingleQuotes(s); // escapedStr is \'Hello Jason\', safe to concatenate into a dynamic query
Type casting: if you expect an integer, declare an Integer variable to collect the user input (non-numeric input fails at the cast, before it reaches the query), then convert it back with String.valueOf(<var>) when using it in the query.
Replacing characters: strip or replace characters that carry meaning in SOQL (such as the single quote) from the input before using it in a query.
Whitelisting: validate the input against the set of values you expect using if, e.g. if (var == 'allowedValue1' || var == 'allowedValue2') { // construct the SOQL using var } (the allowed values here are placeholders).
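As an added example that is not part of the original post, here are the defences above side by side with the injectable pattern they replace, in one Apex class; the class, method and field names are illustrative assumptions, and the whitelist uses a Set rather than the if/|| chain shown above.

```apex
// Added example (not from the original post): one Apex class contrasting an
// injectable dynamic SOQL query with the defensive patterns listed above.
// Class and method names are illustrative assumptions.
public with sharing class ContactLookup {

    // VULNERABLE: user input is concatenated straight into a dynamic query, so a
    // crafted value can alter the WHERE clause and expose restricted records.
    public static List<Contact> findUnsafe(String firstName) {
        String q = 'SELECT Id FROM Contact WHERE FirstName = \'' + firstName + '\'';
        return Database.query(q);
    }

    // 1. Static query with a bind variable: the value is passed to the database
    //    separately from the query text and cannot change its structure.
    public static List<Contact> findWithBind(String firstName) {
        return [SELECT Id FROM Contact WHERE FirstName = :firstName];
    }

    // 2. Dynamic query with String.escapeSingleQuotes(): every ' in the input is
    //    escaped as \' so the value stays inside the string literal.
    public static List<Contact> findWithEscape(String firstName) {
        String safe = String.escapeSingleQuotes(firstName);
        String q = 'SELECT Id FROM Contact WHERE FirstName = \'' + safe + '\'';
        return Database.query(q);
    }

    // 3. Type casting: parse the input as an Integer first; anything that is not
    //    a number throws before it can reach the query. NumberOfEmployees is a
    //    standard Account field used here for illustration.
    public static List<Account> findByEmployeeCount(String rawCount) {
        Integer count = Integer.valueOf(rawCount); // throws on non-numeric input
        String q = 'SELECT Id FROM Account WHERE NumberOfEmployees = '
                 + String.valueOf(count);
        return Database.query(q);
    }

    // 4. Whitelisting: only known field names may be used as the sort column, so
    //    an untrusted value never reaches the query text unchecked.
    public static List<Contact> listSorted(String sortField) {
        Set<String> allowed = new Set<String>{'FirstName', 'LastName', 'Email'};
        if (!allowed.contains(sortField)) {
            throw new IllegalArgumentException('Unsupported sort field: ' + sortField);
        }
        return Database.query('SELECT Id FROM Contact ORDER BY ' + sortField);
    }
}
```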