Apex Code Development You need to sign in to do that
Don't have an account?
Shreyanka invalid id field error: after running test class
Hi everyone,
My code was vulnerable to SOQL injection so added String.escapeSingleQuotes() to dynamic query, after adding that I am getting below error after running the test class: "FATAL_ERROR System.QueryException: invalid ID field: %%001DJ00000jZ2f2YAC%%".
Can anyone help me how to resolve this issue.
Thanks in Advance!
My code was vulnerable to SOQL injection so added String.escapeSingleQuotes() to dynamic query, after adding that I am getting below error after running the test class: "FATAL_ERROR System.QueryException: invalid ID field: %%001DJ00000jZ2f2YAC%%".
Can anyone help me how to resolve this issue.
Thanks in Advance!
public with sharing class Sample {
@AuraEnabled
public Static List<sObject> getRealatedLists(String objectName,id parentId){
String query =null;
if(objectName=='abc__c'){
query = 'SELECT all query fields FROM '+objectName+
' WHERE field1__c = '+' \'%' +String.escapeSingleQuotes(str)+ '%\''+' order by field3__c';
}
List<SObject> sobjList = Database.query(query);
//System.debug('test111'+sobjList[0]);
return sobjList;
}
}
Can you share the test class for which you are getting error and I am getting "Variable does not exist: str" while saving the class
Thanks,
Please help me to resolve the issue.
Thanks!
@isTest public class Sample_Test { @isTest public static void getRealatedListsTest(){ Account acc=new Account(); acc.name='test'; acc.Account_Owner_Team__c=' test1'; insert acc; field1__c sp=new field1__c(); sp.Name='test sp'; sp.field3__c='strat'; insert sp; list<field1__c> splist=new list<field1__c>(); //Generic_RelatedList_Ctrler inst=new Generic_RelatedList_Ctrler(); splist=Generic_RelatedList_Ctrler.getRealatedLists('field1__c',acc.Id); } }Can you share me the correct Apex Class as I am not able to get what excatly you are trying to do.
Thanks,
public with sharing class Sample { @AuraEnabled public Static List<sObject> getRealatedLists(String objectName,id parentId){ String query =null; if(objectName=='abc__c'){ query = 'SELECT all query fields FROM '+objectName+ ' WHERE field1__c = '+' \'%' +String.escapeSingleQuotes(parentId) + '%\''+' order by field3__c'; } List<SObject> sobjList = Database.query(query); //System.debug('test111'+sobjList[0]); return sobjList; } }Thanks for sharing the correct code. The main issue I see with this test class is object name should be abc__c as per the below line
if(objectName=='abc__c'){But your test class code has object name as field1__c and I guess field1__c should be lookup field on abd__c object. Can you create these so I will share the test class for the same.
Thanks,
The apex class and test class should be as below.
Apex Class:
public with sharing class Sampleclass { @AuraEnabled public Static List<sObject> getRealatedLists(String objectName,id parentId){ String query =null; if(objectName=='abc__c'){ query = 'SELECT FIELDS(Standard) FROM '+objectName+ ' WHERE field1__c = ' + '\''+ parentId + '\'' +' order by field3__c'; system.debug('query' +query); } List<SObject> sobjList = Database.query(query); //System.debug('test111'+sobjList[0]); return sobjList; } }Test Class:
@isTest public class Sample_Test { @isTest public static void getRealatedListsTest(){ Account acc=new Account(); acc.name='test'; //acc.Account_Owner_Team__c=' test1'; insert acc; abc__c sp=new abc__c(); sp.Name='test sp'; sp.field3__c='strat'; insert sp; list<abc__c> splist=new list<abc__c>(); //Generic_RelatedList_Ctrler inst=new Generic_RelatedList_Ctrler(); splist=Sampleclass.getRealatedLists('abc__c',acc.Id); } }Let me know if you face any issues.
If this solution helps, Please mark it as best answer.
Thanks,
But the apex class will be vulnerable to SOQL injection checkmarx issue. So how to resolve this issue.
Thanks!
Here id is salesforce Id where you wont have any special characters so this wont cause any issue. If it is some type os string then definetly the issue occurs but not in above case.
Thanks,
Do you need any other clarifications on it.
Thanks,