A SOQL injection attack occurs when user-supplied input is placed into a dynamic SOQL query. If that input is not validated, it can change the structure of the SOQL statement instead of being treated as a plain value.
Best practices to avoid SOQL injection attacks:
Avoid dynamic SOQL queries where possible.
Use static queries with bind variables.
Where a dynamic SOQL query is unavoidable, sanitize the user-supplied input with the String.escapeSingleQuotes method before concatenating it into the query.
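The following Apex class is an added example, not code from the original post: it shows the vulnerable concatenation beside the three mitigations listed above. The class name, method names and the Contact search scenario are assumptions.

```apex
public with sharing class ContactSearch {

    // Vulnerable: the user value is concatenated into the query text. A single
    // quote in the input terminates the string literal, and whatever follows it
    // is parsed as part of the WHERE clause rather than as data.
    public static List<Contact> searchVulnerable(String nameFragment) {
        String soql = 'SELECT Id, Name FROM Contact WHERE Name LIKE \'%' + nameFragment + '%\'';
        return Database.query(soql);
    }

    // Preferred: static SOQL with a bind variable. The value is handed to the
    // query engine as a parameter and is never parsed as part of the statement.
    public static List<Contact> searchStatic(String nameFragment) {
        String pattern = '%' + nameFragment + '%';
        return [SELECT Id, Name FROM Contact WHERE Name LIKE :pattern];
    }

    // If the query must be dynamic (here the field list is chosen at run time
    // from a fixed set), the user value can still be bound: Database.query
    // resolves :pattern from the local scope, so no escaping is needed.
    public static List<Contact> searchDynamicBound(String nameFragment, Boolean includeEmail) {
        String fields = includeEmail ? 'Id, Name, Email' : 'Id, Name';
        String pattern = '%' + nameFragment + '%';
        String soql = 'SELECT ' + fields + ' FROM Contact WHERE Name LIKE :pattern';
        return Database.query(soql);
    }

    // Last resort: concatenation with String.escapeSingleQuotes, which prefixes
    // every single quote with a backslash so the input cannot close the literal.
    // Note that LIKE wildcards (% and _) in the input are still interpreted,
    // so this only prevents structural injection, not wildcard matching.
    public static List<Contact> searchDynamicEscaped(String nameFragment) {
        String safe = String.escapeSingleQuotes(nameFragment);
        String soql = 'SELECT Id, Name FROM Contact WHERE Name LIKE \'%' + safe + '%\'';
        return Database.query(soql);
    }
}
```

When reviewing existing code, a quick check is to search for `Database.query(` calls whose argument is built with `+` from a parameter or form field and confirm each one uses a bind variable or escapeSingleQuotes.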