kab1
Secured Apex issue using getParameters().get
Hi, I need help with the following code.
I am using URL parameters and then reading the parameter like the following:
String strval = ApexPages.currentPage().getParameters().get('str');
sobj.property = strval;
Then I pass the value to the query or sObject to update.
I am not sure how to make it safe from XSS/SOQL injection vulnerabilities.
Please send me a code snippet if you have one. Thanks in advance.
All Answers
You can't make this safe from XSRF - that is the underlying issue with carrying out DML based on a URL parameter. An unscrupulous page could put a link in to your page with any parameter and you would use it regardless.
You can make it safe from SOQL injection by using the escapeSingleQuotes method, but this doesn't safeguard access to your data in any way as you don't check what the value is.
Hi Bob,
Thanks for your reply. Then what is the best way to handle URL parameters from a page? I have a popup page and need to pass the parameter.
Can you please post a code sample showing how to handle this?
Thanks a lot.
Can you explain the requirement that you are trying to satisfy?
The requirement was to pass a parameter to a different page and read the parameter in the 2nd page.
I have removed the 2nd page and used a stylesheet for the popup, and handled the page values in the same controller.
Using <apex:param name="userId" value="{!f.UserId}" assignTo="{!selectedUserId}"/>
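An added example, not part of the original thread: a sketch of a controller that applies the points raised above (validate the parameter, use a bind variable instead of string concatenation, keep state changes out of page load). The class name UserPopupController, the helper toUserId and the 'userId' URL parameter are assumptions chosen to match the apex:param shown in the last post.

```apex
// Added example; class, method and parameter names are hypothetical.
public with sharing class UserPopupController {
    // Populated by <apex:param assignTo="{!selectedUserId}"> on a form postback.
    public Id selectedUserId { get; set; }
    public User selectedUser { get; private set; }

    public UserPopupController() {
        // Page load from a link: validate and read only. No DML here, because
        // the anti-CSRF token Visualforce adds to <apex:form> postbacks does
        // not cover a plain link to the page.
        Id fromUrl = toUserId(ApexPages.currentPage().getParameters().get('userId'));
        if (fromUrl != null) {
            selectedUserId = fromUrl;
            loadUser();
        }
    }

    // Returns the raw value as an Id only if it is a well-formed User Id.
    @TestVisible
    private static Id toUserId(String raw) {
        if (String.isBlank(raw)) {
            return null;
        }
        try {
            Id candidate = Id.valueOf(raw); // throws on malformed input
            return candidate.getSObjectType() == User.SObjectType ? candidate : null;
        } catch (Exception e) {
            return null;
        }
    }

    private void loadUser() {
        // The bind variable keeps the value out of the query text, so quote
        // characters in the input cannot change the SOQL statement.
        List<User> rows = [SELECT Id, Name FROM User WHERE Id = :selectedUserId LIMIT 1];
        selectedUser = rows.isEmpty() ? null : rows[0];
    }

    // Action method for an <apex:commandLink> or <apex:commandButton> inside
    // <apex:form>; any update or delete belongs in a method like this one.
    public PageReference showPopup() {
        loadUser();
        if (selectedUser == null) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'User not found.'));
        }
        return null;
    }
}
```

Validation and bind variables address injection only; whether the running user may see or change the record still has to be checked separately, as the first answer points out.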