Ankur Saini 9

SOQL SOSL Injection: cannot pass the Checkmarx security check, can anyone help me?

// Builds the dynamic query: keeps the stored SOQL text up to and including the
// object name, then appends the where clause and a limit.
strSoql = ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.substring(
        0,
        ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.indexOf(ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c)
            + ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c.length())
    + ' where ' + ObjLoadingSetting.whereClause
    + ' limit 1';
Best Answer chosen by Ankur Saini 9
Sandhya (Salesforce Developers)
Hi,

If you must use dynamic SOQL, use the escapeSingleQuotes method to sanitize user-supplied input. This method adds the escape character (\) to all single quotation marks in a string that is passed in from a user. The method ensures that all single quotation marks are treated as enclosing strings, instead of database commands.

This question is answered in the links below; please refer to them.

http://salesforce.stackexchange.com/questions/70085/getting-soql-sosl-injection-error-when-i-send-my-code-for-security-review
 
http://salesforce.stackexchange.com/questions/46239/soql-sosl-injection-issue-solution
 
Hope this helps you!

If this helps you, please mark it as solved so that it will be available for others as a proper solution.

Thanks and Regards
Sandhya
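The escapeSingleQuotes approach from the answer above, shown as an added Apex example (not code from the original thread): the same query built unsafely, then with the user value escaped, then with a bind variable. The class name, the Account/Name filter and the sample input are assumptions for illustration.

```apex
// Added example, not from the original post. Assumes a filter on Account.Name;
// the input strings are constructed for the demonstration.
public with sharing class SoqlEscapeExample {

    // Vulnerable: the user value is concatenated straight into the query text,
    // so a single quote in the value ends the string literal and the rest of
    // the value is parsed as part of the WHERE clause.
    public static String buildUnsafe(String userName) {
        return 'SELECT Id, Name FROM Account WHERE Name = \'' + userName + '\' LIMIT 1';
    }

    // Hardened: escapeSingleQuotes prefixes every single quote with a backslash,
    // so the whole value stays inside the string literal.
    public static String buildEscaped(String userName) {
        String safe = String.escapeSingleQuotes(userName);
        return 'SELECT Id, Name FROM Account WHERE Name = \'' + safe + '\' LIMIT 1';
    }

    // Runs the escaped dynamic query.
    public static List<Account> runEscaped(String userName) {
        return Database.query(buildEscaped(userName));
    }

    // Preferred when the query shape is fixed: a bind variable is passed as a
    // value, never parsed as query text, so no escaping is required.
    public static List<Account> queryWithBind(String userName) {
        return [SELECT Id, Name FROM Account WHERE Name = :userName LIMIT 1];
    }

    // Demonstration: a constructed value containing a single quote.
    public static void demo() {
        String withQuote = 'O\'Brien';
        System.debug(buildUnsafe(withQuote));
        System.debug(buildEscaped(withQuote));
        System.debug(queryWithBind(withQuote));
    }
}
```

escapeSingleQuotes only protects values that sit inside a quoted string literal; an entire where clause appended as text, as in the question's whereClause, still needs to be validated against an allow-list of field names and operators, or rebuilt with bind variables, before Database.query is called.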