sales force 4

How to fix the "vulnerable to SQL injection attacks" error in Salesforce?

In my custom Visualforce page I have coded an iframe like this:
$("a#icsFrame8").click(function () {
    document.getElementById("myIFrame").src = '/apex/Samplepage?isdtp=mn';
});

But after we ran a Burp scan, the URL parameter we passed was reported as appearing to be vulnerable to SQL injection attacks. The error is shown below:
GET /apex/SamplePage?id=a0Pb0000007FkR9EAK&isdtp=mn&137665543'%20or%20'4694'%3d'4694=1 HTTP/1.

Can anybody help me fix this?
Best Answer chosen by sales force 4
Ramu (Salesforce Developers)
The below articles might help

https://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_soql_injection.htm

https://developer.salesforce.com/page/Secure_Coding_SQL_Injection

http://www.salesforcegeneral.com/soql-injection-salesforce/
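
Added example, not part of the original thread or of the linked Salesforce articles: a controller sketch showing the pattern that makes a scanner finding like the one above real (a request parameter concatenated into dynamic SOQL) beside the two standard fixes, a bind variable and `String.escapeSingleQuotes`. The class name `SamplePageController`, the object `Sample__c` and the `name` parameter are assumptions; only the `id` parameter appears in the request in the question.

```apex
// Added example: hypothetical controller for the page in the question.
// SamplePageController, Sample__c and the 'name' parameter are assumed names.
public with sharing class SamplePageController {
    public List<Sample__c> records { get; private set; }

    // VULNERABLE: the request parameter becomes part of the query text, so a
    // value such as  x' OR 'a'='a  changes the WHERE clause.
    public void loadByNameUnsafe() {
        String name = ApexPages.currentPage().getParameters().get('name');
        records = Database.query(
            'SELECT Id, Name FROM Sample__c WHERE Name = \'' + name + '\'');
    }

    // FIX 1 (preferred): static SOQL with a bind variable. The value is passed
    // as data and is never parsed as query text.
    public void loadById() {
        String raw = ApexPages.currentPage().getParameters().get('id');
        Id recordId;
        try {
            recordId = Id.valueOf(raw);   // rejects anything that is not a valid Id
        } catch (Exception e) {
            records = new List<Sample__c>();
            return;
        }
        records = [SELECT Id, Name FROM Sample__c WHERE Id = :recordId];
    }

    // FIX 2: when the query has to be built dynamically, escape single quotes
    // in every user-supplied string before it is placed between quotes.
    public void loadByNameDynamic() {
        String name = ApexPages.currentPage().getParameters().get('name');
        if (String.isBlank(name)) {
            records = new List<Sample__c>();
            return;
        }
        String safeName = String.escapeSingleQuotes(name);
        records = Database.query(
            'SELECT Id, Name FROM Sample__c WHERE Name = \'' + safeName + '\'');
    }
}
```

After changing the controller, re-run the same Burp scan against the page: if the response no longer differs between the injected and the clean request, the finding should clear.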