Security Scanner reports SOQL injection even though escapeSingleQuotes is used
Query Name - SOQL_SOSL_Injection
Severity - Critical
7. public UserController() //usercontroller.cls
...
10. id = apexpages.currentpage().getparameters().get('id');
My code:

// usercontroller.cls
public class UserController {
    // Controller properties used by the Visualforce page
    public User__c user { get; set; }
    public String id { get; set; }

    public UserController() {
        try {
            user = new User__c();
            // Read the record id from the page URL parameters
            id = ApexPages.currentPage().getParameters().get('id');
            if (id != null) {
                // The scanner flags this line: the escape call sits inside the bind expression
                user = [SELECT Id, Id__c, FirstName__c, LastName__c, MobilePhone__c, Username__c, Status__c
                        FROM User__c
                        WHERE Id = :String.escapeSingleQuotes(id)];
            }
        } catch (QueryException e) {
            ApexPages.Message msg = new ApexPages.Message(ApexPages.Severity.ERROR, 'Invalid User: ' + id);
            ApexPages.addMessage(msg);
        }
    }
}
Please help out with this issue.
Thanks,
Mohan
Try to escape the string outside of the SOQL query. Like this:
Hope that helps,
Clint
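An added example of the approach Clint describes (not Mohan's or Clint's own code): the parameter is escaped into a local variable before the query, so the static SOQL uses a plain bind variable, and a separate hypothetical method findByIdDynamic shows the dynamic-SOQL case where the escaping is actually what prevents injection. The User__c fields are taken from the question.

```apex
// Added example: escape outside the query, then bind the result.
public class UserController {
    public User__c user { get; set; }
    public String id { get; set; }

    public UserController() {
        try {
            user = new User__c();
            String rawId = ApexPages.currentPage().getParameters().get('id');
            if (rawId != null) {
                // Escape once, in a local variable, before the query is built.
                id = String.escapeSingleQuotes(rawId);
                // Static SOQL with a bind variable: the value is sent as a parameter,
                // never spliced into the query text, so the bind alone blocks injection.
                user = [SELECT Id, Id__c, FirstName__c, LastName__c, MobilePhone__c,
                               Username__c, Status__c
                        FROM User__c
                        WHERE Id = :id];
            }
        } catch (QueryException e) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Invalid User: ' + id));
        }
    }

    // Hypothetical dynamic-SOQL counterpart (assumed helper, not from the post):
    // here the value is concatenated into a quoted literal, so escapeSingleQuotes
    // is what stops a quote in the input from breaking out of the string.
    public static User__c findByIdDynamic(String rawId) {
        String safeId = String.escapeSingleQuotes(rawId);
        String q = 'SELECT Id, FirstName__c FROM User__c '
                 + 'WHERE Id = \'' + safeId + '\' LIMIT 1';
        return Database.query(q);
    }
}
```

With a static query and a bind variable, the escape call is redundant rather than harmful for an Id (a valid Id never contains a quote), but it is only in the Database.query string-building path that escaping carries the security weight.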