SOQL Injection problem in dynamic query.
Hi Guys,
I am facing a problem with SOQL injection. I have written a query to fetch Account data with a condition on Name, like below:
String queryString = 'SELECT Id, Name, BillingStreet FROM Account';
if (AccountName != null && !AccountName.equals('')) {
    AccountName = '%' + AccountName + '%';
    queryString += ' WHERE Name LIKE :AccountName ';
}
// run the dynamic query; :AccountName is bound from the local variable in scope
List<Account> results = Database.query(queryString);
When I pass the parameter %, it returns all the accounts, even when I use String.escapeSingleQuotes(AccountName) as below:
if (AccountName != null && !AccountName.equals('')) {
    AccountName = '%' + String.escapeSingleQuotes(AccountName) + '%';
    queryString += ' WHERE Name LIKE :AccountName ';
}
// same dynamic query, with the bind value run through escapeSingleQuotes first
List<Account> results = Database.query(queryString);
It still returns all accounts.
How can we resolve this injection problem?
Thanks.
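Two separate things are going on in the question above, and the following added example (my own code, not the poster's or anything from the thread) keeps them apart. First, because the query text only ever contains the placeholder :AccountName and the value is supplied as a bind variable, user input cannot alter the structure of the SOQL statement, so quotes in the input are not an injection risk and String.escapeSingleQuotes is not what makes the difference here (that method is for values concatenated directly into the query string). Second, % and _ are LIKE wildcards, so an input of % matching every account is normal pattern behaviour rather than injection; if users should only ever match their text literally, the wildcard characters in the input have to be escaped with a backslash before the value is bound. The class name AccountNameSearch and the method names are assumptions made for the example.

```apex
// Added example (not the original poster's code): Account name search that
// relies on a SOQL bind variable for injection safety and escapes LIKE
// wildcards so that user input such as "%" is matched literally.
public with sharing class AccountNameSearch {

    // Escape the SOQL LIKE metacharacters (% and _) and the escape
    // character itself (\) so they match literally inside the pattern.
    public static String escapeLikePattern(String input) {
        if (input == null) {
            return '';
        }
        // Regex: any single '%', '_' or '\'; prefix the match with a backslash.
        // Apex string literal '([%_\\\\])' is the regex ([%_\\]);
        // replacement '\\\\$1' is the Java replacement \\$1 (backslash + group 1).
        return input.replaceAll('([%_\\\\])', '\\\\$1');
    }

    // Returns accounts whose Name contains the user-supplied fragment.
    // The value is never concatenated into the SOQL text: only the
    // placeholder ':pattern' appears in the query string, and the runtime
    // binds the local variable, so the input cannot change the query's
    // structure. Escaping the wildcards makes "%" mean a literal percent sign.
    public static List<Account> findByName(String accountName) {
        String queryString = 'SELECT Id, Name, BillingStreet FROM Account';
        String pattern;   // must be in scope when Database.query runs
        if (String.isNotBlank(accountName)) {
            pattern = '%' + escapeLikePattern(accountName) + '%';
            queryString += ' WHERE Name LIKE :pattern';
        }
        queryString += ' LIMIT 200';   // bound result size for a search screen
        return Database.query(queryString);
    }
}
```

With this version, findByName('%') builds the bind value %\%% and only returns accounts whose name actually contains a percent sign; findByName('Acme') still does the expected contains-search. If the "show everything when the user types %" behaviour is what the page wants, simply drop the escapeLikePattern call; the bind variable alone already covers the injection concern. On newer API versions the same query can be run with Database.queryWithBinds(queryString, new Map<String, Object>{ 'pattern' => pattern }, AccessLevel.USER_MODE), which makes the binding explicit and enforces the running user's permissions.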
All Answers
Not working yet.
Thanks
I tried Kantik's solution. It is working at my end; I only made a few changes, as below:
Thanks
Sandeep Singhal
http://www.codespokes.com/