function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Waqar Hussain SFWaqar Hussain SF 

JQuery SQL injection in salesforce? need help

This is javascript string on the vf page, It still giving SQL injection Issue on sceurity review.
how to avooid sql Injection in jquery??? 
My code is.. 
var q_text = "select JId__c from JOauth__c where SetupOwnerId= '";
var q_text1 = $('#currnetUserId').text();
// "currnetUserId" is the ID of span tag in another page
var q_text2 = "'";
var q = q_text.concat(q_text1, q_text2);
SeAlVaSeAlVa
I think that if instead of creating the query in javascript, you just send the fields and the values for the "where" clause, but you build the actual query in the controller using the proper methods to scape characters that might change the behaviour of the query, It might not fail.

(Haven't tried, is just a thought)