SFDC Guest
SOQL injection security checkmarx
Hi All,
Can someone please help me resolve this issue?
I am getting the following error in the Checkmarx report: "SampleClass.cls Method sampleMethod at line 3 of classes\SampleClass.cls gets user input from the strVar element. This element's value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method sampleMethod at line 3 of classes\SampleClass.cls. This may enable an SOQL Injection attack. line no: 2, 5, 6". Thanks in advance.
Below is the code:
    public class SampleClass {
        public String strVar {get; set;}

        public void sampleMethod(){
            if(strVar != null){
                strVar = strVar.trim();
                List<String> varList = strVar.split(' ');
                //logic
                String str1;
                String qString = 'select id, Description FROM Account';
                if(varList.size()==1){
                    str1 = varList.get(0);
                    // user-controlled str1 is concatenated straight into the SOQL text
                    qString += ' and (Account.Name like \'%' + str1 + '%\')';
                }
            }
        }
    }

Issue at the below piece of code:
    public String strVar {get; set;}

    public void sampleMethod(){
        if(strVar != null){
            strVar = strVar.trim();
            List<String> varList = strVar.split(' ');
Please try this code, it may help you.
Thank You
www.nubeselite.com
Development | Training | Consulting
Please mark this as the solution if it resolved your problem.
To prevent SOQL injection, you can use the example below.
Please let me know if that helps.
Thanks!
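Neither answer on this page has its code attached. As an added example, written for this page and not taken from the question or either answer, here is the poster's sampleMethod rewritten so that the user-supplied strVar never becomes part of the SOQL query text. The class name SampleClassSafe, the return types and the extra helper methods are assumptions for illustration; the example also uses a proper WHERE clause, since the original appends " and (...)" to a query that has no WHERE.

```apex
// Added example, not the original poster's code: the same Account search
// rewritten so that user input is passed as a bind variable (data), never
// concatenated into the SOQL text. Class name SampleClassSafe is assumed.
public with sharing class SampleClassSafe {
    public String strVar { get; set; }

    public List<Account> sampleMethod() {
        if (String.isBlank(strVar)) {
            return new List<Account>();
        }
        List<String> varList = strVar.trim().split(' ');
        if (varList.size() != 1) {
            return new List<Account>();
        }

        // The LIKE pattern is built as a value. A single quote inside
        // varList[0] cannot close a string literal because no literal is
        // being assembled: the whole value travels through the bind.
        String pattern = '%' + varList.get(0) + '%';

        // Static SOQL with a bind variable. Nothing derived from strVar is
        // ever part of the query string, so the tainted flow from the
        // strVar property to the query that Checkmarx reported no longer exists.
        return [SELECT Id, Description FROM Account WHERE Name LIKE :pattern];
    }

    // Dynamic SOQL is sometimes unavoidable (optional filters, for example).
    // Bind variables work there too, as long as the bound variable is in
    // scope of the method that calls Database.query. Only constant text is
    // appended to the query; both user values go through binds.
    public static List<Account> searchDynamic(String term, String industry) {
        String pattern = '%' + term + '%';
        String qString = 'SELECT Id, Description FROM Account WHERE Name LIKE :pattern';
        if (String.isNotBlank(industry)) {
            qString += ' AND Industry = :industry';
        }
        return Database.query(qString);
    }

    // Fallback only for code that genuinely must concatenate: escape the
    // quotes first. This stops the value from terminating the literal, but
    // % and _ remain LIKE wildcards inside the escaped value, so a user can
    // still broaden the match (a behaviour, not an injection).
    public static String legacyQueryText(String term) {
        String safeTerm = String.escapeSingleQuotes(term);
        return 'SELECT Id, Description FROM Account WHERE Name LIKE \'%' + safeTerm + '%\'';
    }
}
```

Prefer the bind-variable forms: the scanner's complaint is that a value sourced from strVar reaches a query without passing through anything it recognises as sanitisation, and a bind removes the value from the query text altogether. String.escapeSingleQuotes is the sanitiser most Apex static-analysis rule sets, including Checkmarx's, are usually configured to accept when concatenation cannot be avoided, but re-run the scan after the change rather than assuming the finding is closed.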