A SOQL injection attack occurs when user-supplied input is placed into a dynamic SOQL query. If that input is not validated, it can alter the structure of the SOQL statement instead of being treated as a plain value. Best practices to avoid SOQL injection: avoid dynamic SOQL queries where possible; use static queries with bind variables; and, where dynamic SOQL is unavoidable, sanitize user-supplied input with the String.escapeSingleQuotes method.
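The three practices above side by side in Apex, as an added example that is not code from the original page: a vulnerable dynamic query, the static query with a bind variable, and a dynamic query that escapes the value and restricts the field name (it also shows Database.queryWithBinds, which goes beyond what the page names). The class, method and field names are assumptions made for the example.

```apex
public with sharing class ContactSearch {
    // VULNERABLE (assumed example): the raw term is concatenated into the query
    // text, so a value containing a single quote can change the WHERE clause.
    public static List<Contact> searchUnsafe(String term) {
        String q = 'SELECT Id, Name FROM Contact WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(q);
    }

    // PREFERRED: static SOQL with a bind variable. The platform passes the
    // value as data; it is never parsed as part of the query string.
    public static List<Contact> searchStatic(String term) {
        String pattern = '%' + term + '%';
        return [SELECT Id, Name FROM Contact WHERE Name LIKE :pattern];
    }

    // Fields the caller may filter on; the field name is never taken verbatim.
    private static final Set<String> ALLOWED_FIELDS =
        new Set<String>{ 'Name', 'Email', 'Phone' };

    // DYNAMIC, HARDENED: the query shape is built from a whitelisted field name,
    // and the user value is either bound (queryWithBinds) or escaped.
    public static List<Contact> searchDynamic(String fieldName, String term) {
        if (!ALLOWED_FIELDS.contains(fieldName)) {
            throw new IllegalArgumentException('Unsupported filter field: ' + fieldName);
        }

        // Option 1: bind the value even in dynamic SOQL (API 57.0 and later).
        Map<String, Object> binds = new Map<String, Object>{ 'pattern' => '%' + term + '%' };
        String boundQuery = 'SELECT Id, Name FROM Contact WHERE ' + fieldName + ' LIKE :pattern';
        return Database.queryWithBinds(boundQuery, binds, AccessLevel.USER_MODE);
    }

    // Option 2: when the value must be spliced into the string, escape it first
    // so a quote in the input cannot terminate the literal.
    public static List<Contact> searchDynamicEscaped(String fieldName, String term) {
        if (!ALLOWED_FIELDS.contains(fieldName)) {
            throw new IllegalArgumentException('Unsupported filter field: ' + fieldName);
        }
        String safeTerm = String.escapeSingleQuotes(term);
        String q = 'SELECT Id, Name FROM Contact WHERE ' + fieldName
                 + ' LIKE \'%' + safeTerm + '%\'';
        return Database.query(q);
    }
}
```

Note that escapeSingleQuotes only protects quoted string literals; a field name, operator or ORDER BY clause taken from user input still needs the whitelist check shown above.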