Ankur Saini 9

SOQL SOSL Injection: Cannot pass the Checkmarx security check. Can anyone help me?

strSoql = ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.substring(0,ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.indexof(ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c)+ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c.length())+' where '+ ObjLoadingSetting.whereClause+' limit 1';
Best Answer chosen by Ankur Saini 9
Sandhya (Salesforce Developers)

If you must use dynamic SOQL, use the escapeSingleQuotes method to sanitize user-supplied input. This method adds the escape character (\) to all single quotation marks in a string that is passed in from a user. The method ensures that all single quotation marks are treated as enclosing strings, instead of database commands.

This question is answered in the link below; please refer to it.

Hope this helps you!

If this helps you, please mark it as solved so that it will be available for others as a proper solution.

Thanks and Regards
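
An added example, not part of the original posts: escapeSingleQuotes only protects a value that ends up inside single quotes, so a free-form where clause like the one concatenated in the question has to be split into object, field and value first. The class, method and parameter names below are hypothetical, and the sketch assumes a single equality filter on a text field.

```apex
// Added example; class, method and parameter names are hypothetical.
public with sharing class SafeSoqlBuilder {
    public class UnsafeInputException extends Exception {}

    // Builds "SELECT Id FROM <object> WHERE <field> = '<value>' LIMIT 1"
    // from three separate inputs instead of one free-form where clause.
    public static String buildQuery(String objectName, String fieldName, String value) {
        if (objectName == null || fieldName == null || value == null) {
            throw new UnsafeInputException('Object, field and value are required');
        }
        // Identifiers cannot be escaped, so resolve them against the schema.
        Schema.SObjectType sType = Schema.getGlobalDescribe().get(objectName);
        if (sType == null) {
            throw new UnsafeInputException('Unknown sObject: ' + objectName);
        }
        Schema.DescribeSObjectResult objDescribe = sType.getDescribe();
        Schema.SObjectField field = objDescribe.fields.getMap().get(fieldName);
        if (field == null) {
            throw new UnsafeInputException('Unknown field: ' + fieldName);
        }
        Schema.DescribeFieldResult fieldDescribe = field.getDescribe();
        // Assumption of this sketch: only text fields are compared, because
        // the value is emitted as a quoted string literal.
        if (fieldDescribe.getType() != Schema.DisplayType.STRING) {
            throw new UnsafeInputException('Only text fields are supported: ' + fieldName);
        }
        // Use the canonical API names from describe, not the caller's text.
        String safeObject = objDescribe.getName();
        String safeField = fieldDescribe.getName();
        // The value sits inside single quotes, which is the one position
        // escapeSingleQuotes is designed to protect.
        String safeValue = String.escapeSingleQuotes(value);
        return 'SELECT Id FROM ' + safeObject
            + ' WHERE ' + safeField + ' = \'' + safeValue + '\' LIMIT 1';
    }

    // Runs the query built above; a value such as "x' OR Name != '" is
    // treated as literal text and cannot change the filter.
    public static List<SObject> run(String objectName, String fieldName, String value) {
        return Database.query(buildQuery(objectName, fieldName, value));
    }
}
```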