String.escapeSingleQuotes in Dynamic SOQL
Hello,
I am stuck with the use of String.escapeSingleQuotes in Dynamic SOQL. I have one Visualforce page which provides a search page for users to search knowledge article records. There are 3 filters on the page, but only 1 field is a text field while the others are picklists. I am using the query below to get the list of article records.
// Fixed filters are literals written by the developer, so they are safe to keep in the query text.
qryString = 'SELECT Id, Title, ArticleType, KnowledgeArticleId, UrlName FROM KnowledgeArticleVersion WHERE PublishStatus = \'online\' AND Language = \'en_US\' ';
// The user-supplied title is escaped and then concatenated into the query string (no stray space inside the quotes).
qryString = qryString + 'AND Title LIKE \'' + String.escapeSingleQuotes(articleTitle) + '\' ';
articleList = Database.query(qryString);
But I'm still getting a SOQL/SOSL injection issue while running the security scan. Can someone please help me on this?
Thanks in Advance!!!!!
// With a bind variable the value is passed to the query engine separately and is never spliced into the query text,
// so escaping is no longer required here (and an escaped apostrophe would not match a title containing one).
String title = String.escapeSingleQuotes(articleTitle);
qryString = 'SELECT Id, Title, ArticleType, KnowledgeArticleId, UrlName FROM KnowledgeArticleVersion WHERE PublishStatus = \'online\' AND Language = \'en_US\' ';
// :title is a bind variable; Database.query resolves it from the local variable in scope.
qryString = qryString + 'AND Title LIKE :title ';
articleList = Database.query(qryString);
https://developer.salesforce.com/forums/ForumsMain?id=906F00000008oE7IAI
http://www.salesforce.com/us/developer/docs/pages/Content/pages_variables_functions.htm
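The bind-variable approach above, carried through to the full search page described in the question (one text filter plus a picklist filter), as an added example that is neither the asker's nor the answerer's code. The controller name, the picklist property names and the ArticleType values in the allowlist are assumptions; the point is that no user input is concatenated into the SOQL text and that picklist input is validated rather than trusted.

```apex
// Added example: dynamic SOQL search with bind variables and picklist validation.
public with sharing class ArticleSearchController {
    // Assumed allowlist of picklist values offered by the page (hypothetical values).
    private static final Set<String> ALLOWED_ARTICLE_TYPES =
        new Set<String>{ 'FAQ__kav', 'How_To__kav' };

    public String articleTitle { get; set; }   // free-text filter from the page
    public String articleType  { get; set; }   // picklist filter from the page
    public List<KnowledgeArticleVersion> articleList { get; private set; }

    public PageReference search() {
        // Copy inputs to locals: bind variables must be simple variables in scope.
        String titlePattern = '%' + escapeLikeWildcards(articleTitle) + '%';
        String typeValue = articleType;

        // Developer-written literals stay in the query text; user input never does.
        String qryString = 'SELECT Id, Title, ArticleType, KnowledgeArticleId, UrlName '
            + 'FROM KnowledgeArticleVersion '
            + 'WHERE PublishStatus = \'online\' AND Language = \'en_US\'';

        if (String.isNotBlank(articleTitle)) {
            // Bound as a value: quotes in the input cannot alter the query structure.
            qryString += ' AND Title LIKE :titlePattern';
        }
        if (String.isNotBlank(typeValue)) {
            // A picklist on the page does not constrain what the request can carry,
            // so validate against the allowlist instead of trusting the rendered options.
            if (!ALLOWED_ARTICLE_TYPES.contains(typeValue)) {
                throw new SearchException('Unsupported article type');
            }
            qryString += ' AND ArticleType = :typeValue';
        }

        articleList = Database.query(qryString);
        return null;
    }

    // Escape LIKE metacharacters so a user typing % or _ searches for them literally.
    private static String escapeLikeWildcards(String s) {
        if (s == null) return '';
        return s.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_');
    }

    public class SearchException extends Exception {}
}
```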