Apar Jaggi 6

only variable references are allowed in dynamic soql/sosl. I am not able to understand the problem

queryStr='age__c=29'

Database.query('SELECT Id,Name,Age__c,Email__c,Course__c FROM Student__c WHERE '+queryStr+' LIMIT:20');
GulshanRaj


The problem is with setting the limit with ":" (colon). The correct way is to use LIMIT 20.

I tried this code and it works for me

String queryStr='NumberOfEmployees>29';

Database.query('SELECT Id,Name FROM Account WHERE '+queryStr+' LIMIT 20');


Best Regards
Gulshan Raj
Subrat (Salesforce Developers)
Hello Apar,

In dynamic SOQL, you can only use variable references to bind values to the query, but not to dynamically build the query itself.

To fix this, you can use parameterized queries to dynamically bind the variable value to the query.
 
Integer ageValue = 29;

List<Student__c> students = Database.query(
    'SELECT Id, Name, Age__c, Email__c, Course__c FROM Student__c WHERE Age__c = :ageValue LIMIT 20'
);

If it helps please mark this as Best Answer.
Thank you.
 
Prateek Prasoon 25
The issue with the provided code is that the variable queryStr is being concatenated directly into the SOQL query string without being properly escaped or sanitized. This can lead to several problems, including potential security vulnerabilities such as SQL injection attacks.
Furthermore, the error message “only variable references are allowed in dynamic soql/sosl” suggests that the query string passed to Database.query() must be a string literal, which means that any dynamic parts of the query (such as variable values) must be properly substituted using placeholders.
To fix this issue, you can use a parameterized query instead of concatenating the variable directly into the query string. Here’s an example:
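String queryStr = 'age__c=:ageValue';
Map<String, Object> queryParams = new Map<String, Object>{
    'ageValue' => 29
};
// Database.query() has no overload that takes a bind map; queryWithBinds() does,
// together with an access level (SYSTEM_MODE is what Database.query() defaults to).
List<Student__c> students = Database.queryWithBinds(
    'SELECT Id, Name, Age__c, Email__c, Course__c FROM Student__c WHERE ' + queryStr + ' LIMIT 20',
    queryParams, AccessLevel.SYSTEM_MODE);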
In this example, we define a placeholder :ageValue in the query string and pass a map of parameter values to Database.query(). This way, we can ensure that the query is properly sanitized and that the variable value is substituted safely.

If you find this answer helpful, Please mark it as the best answer.
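
The answers above bind the value but still concatenate the filter text; the following is an added example (not code from any poster in this thread) that goes a step further and builds the same Student__c query when the field, operator and row limit also come from a caller. The class name StudentSearch, the operator allowlist, the MAX_ROWS cap and the choice of AccessLevel.USER_MODE are assumptions made for the illustration.

```apex
// Added example: builds the asker's Student__c query from caller-supplied
// filter parts without concatenating untrusted text into the SOQL string.
public with sharing class StudentSearch {
    // Comparison operators the caller may choose from (assumed policy).
    private static final Set<String> ALLOWED_OPS =
        new Set<String>{ '=', '!=', '<', '<=', '>', '>=' };
    private static final Integer MAX_ROWS = 200; // assumed upper bound

    // Example call: StudentSearch.search('Age__c', '=', 29, 20);
    public static List<Student__c> search(String fieldName, String op,
                                          Object value, Integer maxRows) {
        // Identifiers cannot be bound, so accept only real fields of the object.
        Map<String, Schema.SObjectField> fields =
            Schema.SObjectType.Student__c.fields.getMap();
        if (fieldName == null || !fields.containsKey(fieldName)) {
            throw new IllegalArgumentException('Unknown field: ' + fieldName);
        }
        if (!ALLOWED_OPS.contains(op)) {
            throw new IllegalArgumentException('Operator not allowed: ' + op);
        }
        // Use the name from the describe result, not the caller's string.
        String safeField = fields.get(fieldName).getDescribe().getName();

        // In dynamic SOQL the LIMIT is written as an integer literal
        // (LIMIT 20, not LIMIT:20); clamp it before concatenating.
        Integer rowLimit = (maxRows == null || maxRows < 1)
            ? 1 : Math.min(maxRows, MAX_ROWS);

        String soql = 'SELECT Id, Name, Age__c, Email__c, Course__c'
            + ' FROM Student__c'
            + ' WHERE ' + safeField + ' ' + op + ' :filterValue'
            + ' LIMIT ' + rowLimit;

        // The value travels as a bind, so quotes in it never reach the parser.
        Map<String, Object> binds =
            new Map<String, Object>{ 'filterValue' => value };
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }
}
```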