function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

SOQL statement and dynamic query

Hi Friends,


I have input text field and search button next to the field. I want to generate soql query in the controller class function.

When somebody enters something in the input  field and click  on the search field  it should assign that value to the Soql statements where clause .It should looks something like this.

database.query(select id,name from account where name=What should I be doing there And how to do that);


I knoe I have to use setter method but How do I link inputetxt field and pass its value to the soql query.


Please help.




FROM Account
WHERE Name = 'Sandy

The value of the inputText field will be stored in the parameter you put for the value="{!xxxxx}" of th einputtextfield.


In order for the command button to actually post the value for you to use, I believe you have to rerender something on the page. Sometime I created a hidden pageBlock or something <apex:pageBlock id="rerenderMe"/> if I do not want to have the command button rerender anything but still allow it to post. You may have to set immediate=true as well, I would have to play with it again to find out.


Then in the controller you can user the paramater:


public string whereClause {get;set;}


database.query('select id,name from account where name=: whereClause');


That should be it....




to use theescapeSingleQuotes

  method on the where clause, so it would be:


database.query('Select Name From Account  where Name = \'' + escapeSingleQuotes(whereClause) + '\'');


You need that to prevent SOQL injection since you are directly using user input....just to be safe


Hi starz,


Thanks a  lot for the reply,I got your point.However,I am not clear on using immediate = true.As far as I know immediate =true means you don;t have to worry about validation rules on the field .It will only bypass that validation rule.Please correct me if I am wrong.


Moreover, It looks like  that by declaring setter function like









we can use



select id,name from account where name=keyword. along with single escape charcter. So we do not have to pass parameters to the keyweod funnction to set value .










Immediate = true, you are correct in the interpretation, but sometimes it seems to make things work.....


As for the last part, you have to have a value="{!xxx}" in the apex inputtext tag otherwise it will not know where to put the inputted value.


and no, you cannot use name=keyword when building a dynamic soql. You have to use ' name = \'' + keyword + '\''


when you bind strings in regular SOQL like name =:Keyword, it will put the ' ' around it for you as it knows it is a string. when you are building yourself, you have to build the complete string.


You cannot use class property get;set; variables in binding (at least I have not been able to). You can use method variable in binding name=:keyword if the variable is in the method