
How to use the escapeSingleQuotes method?
I'm trying to use this method in a dynamic SOQL query. The sample code follows:
public static String getRowById(String sobjName, id id){
    String query = 'select ';
    // Collect every field name of the object from its describe result
    Map<String, Schema.SObjectField> objectFields = Schema.getGlobalDescribe().get(sobjName).getDescribe().fields.getMap();
    for(String f : objectFields.keySet()){
        query += f;
        query += ',';
    }
    // Drop the trailing comma
    query = query.substring(0,query.length()-1);
    query += ' from '+ sobjName;
    // The id is escaped and placed inside a quoted literal
    query += ' where id = \'' + String.escapeSingleQuotes(id) + '\'';
    query += ' limit 1';
    return query;
}
The problem is that this is still considered as a SOQL Injection vulnerability.
Am I missing something here? I also tried to use it as a parameter like this:
getRowById('SFT_Brand__c',String.escapeSingleQuotes(ApexPages.currentPage().getParameters().get('id')));
Try this.
query += '\''+String.escapeSingleQuotes(Id)+'\'';
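An added example, not part of the original thread: a variant of the question's method that keeps caller-supplied text out of the query string, taking the object name from the describe result and passing the record Id as a bind variable instead of an escaped literal. The class name RowLoader, the parameter name recordId and the choice to return the row rather than the query string are assumptions made for this example.

```apex
// Hypothetical class name; example code, not from the original post.
public with sharing class RowLoader {

    public static SObject getRowById(String sobjName, Id recordId) {
        // Resolve the name against the org's schema. Anything that is not
        // a real object name yields null and never reaches the query text.
        Schema.SObjectType sobjType = Schema.getGlobalDescribe().get(sobjName);
        if (sobjType == null) {
            throw new IllegalArgumentException('Unknown object name');
        }
        Schema.DescribeSObjectResult objDescribe = sobjType.getDescribe();

        // The Id type already rejects malformed values on assignment.
        // Also require that the Id belongs to the requested object.
        if (recordId == null || recordId.getSObjectType() != sobjType) {
            throw new IllegalArgumentException('Id does not match object');
        }

        // Field names come from the describe result, not from the caller.
        List<String> fieldNames = new List<String>();
        for (Schema.SObjectField f : objDescribe.fields.getMap().values()) {
            Schema.DescribeFieldResult fd = f.getDescribe();
            if (fd.isAccessible()) {
                fieldNames.add(fd.getName());
            }
        }
        if (fieldNames.isEmpty()) {
            return null; // no readable fields for the running user
        }

        // Only schema-derived names are concatenated. The record Id is
        // referenced as a bind variable, so no quoting or escaping is needed.
        String query = 'SELECT ' + String.join(fieldNames, ',')
            + ' FROM ' + objDescribe.getName()
            + ' WHERE Id = :recordId LIMIT 1';

        List<SObject> rows = Database.query(query);
        return rows.isEmpty() ? null : rows[0];
    }
}
```

String.escapeSingleQuotes only protects a value that ends up inside a quoted string literal; the object name in the FROM clause is not inside quotes, which is why this version takes it from the describe result.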