Which two queries can a developer use in a Visualforce controller to protect against SOQL injection vulnerabilities? Choose 2 answers

A. String qryName = '%' + String.escapeSingleQuotes(name) + '%';
String qryString = 'SELECT ID FROM contact WHERE name LIKE \'%' + qryName + '%\'';
List<contact> queryResult = Database.query(queryString);

B. String qryName = '%' + name + '%';
String qryString = 'SELECT ID FROM contact WHERE name LIKE :qryName';
List<contact> queryResult = Database.query(queryString);

C. String qryString = 'SELECT ID FROM contact WHERE name LIKE \'%' + name + '%\'';
List<contact> queryResult = Database.query(queryString);

D. String qryName = '%' + String.enforceSecurityChecks(name) + '%';
String qryString = 'SELECT ID FROM contact WHERE name LIKE :qryName;
Check this - https://trailhead.salesforce.com/en/content/learn/modules/secdev_injection_vulnerabilities/secdev_inject_prevent_soql_injection
--
Magulan Duraipandian
www.infallibletechie.com
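
The two dynamic-SOQL defenses this question turns on, a bind variable and String.escapeSingleQuotes, shown as an added example that is not part of the original thread. The controller name ContactSearchController, its members, and the test class are hypothetical; the test uses a constructed contact whose name contains a single quote to confirm that both forms treat the input as data.

```apex
// Added example (hypothetical controller, not code from this thread).
public with sharing class ContactSearchController {
    // Set from the Visualforce page; treat as untrusted input.
    public String name { get; set; }
    public List<Contact> results { get; private set; }

    // Defense 1: bind variable. The value is handed to the query engine as
    // data and is never parsed as SOQL text. Database.query resolves simple
    // binds from variables in scope at the call site.
    public void searchWithBind() {
        String qryName = '%' + (name == null ? '' : name) + '%';
        String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName';
        results = Database.query(qryString);
    }

    // Defense 2: escape, then concatenate inside a quoted literal.
    // escapeSingleQuotes puts a backslash before each single quote, so it
    // only protects values that end up between quotes in the query text.
    public void searchWithEscape() {
        String safeName = String.escapeSingleQuotes(name == null ? '' : name);
        String qryString =
            'SELECT Id FROM Contact WHERE Name LIKE \'%' + safeName + '%\'';
        results = Database.query(qryString);
    }
}

// Separate class file. Constructed test data: a name containing a quote.
@isTest
private class ContactSearchControllerTest {
    @isTest
    static void quoteInNameIsTreatedAsData() {
        insert new Contact(LastName = 'O\'Brien');

        ContactSearchController c = new ContactSearchController();
        c.name = 'O\'Brien';

        c.searchWithBind();
        System.assertEquals(1, c.results.size(), 'bind variable form');

        c.searchWithEscape();
        System.assertEquals(1, c.results.size(), 'escaped concatenation form');
    }
}
```

Neither form escapes the LIKE wildcards % and _, so a user can still broaden the match; that affects result scope, not query structure.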