Apex Code Development You need to sign in to do that
Don't have an account?
Ankur Saini 9 SOQL SOSL Injection : Can not pass security check marx any one can help me?
strSoql = ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.substring(0,ObjLoadingSetting.UpsertLoadingSetting.SOQL_Query__c.indexof(ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c)+ObjLoadingSetting.UpsertLoadingSetting.sObject_Name__c.length())+' where '+ ObjLoadingSetting.whereClause+' limit 1';
If you must use dynamic SOQL, use the escapeSingleQuotes method to sanitize user-supplied input. This method adds the escape character (\) to all single quotation marks in a string that is passed in from a user. The method ensures that all single quotation marks are treated as enclosing strings, instead of database commands.
This question is answered in below link, please refer it.
http://salesforce.stackexchange.com/questions/70085/getting-soql-sosl-injection-error-when-i-send-my-code-for-security-review
http://salesforce.stackexchange.com/questions/46239/soql-sosl-injection-issue-solution
Hope this helps you!
If this helps you, please mark it as solved so that it will be available for others as a proper solution.
Thanks and Regards
Sandhya