Dynamic SOQL
Hello. I am running a dynamic SOQL statement that mimics 'SELECT * FROM Table WHERE ID = value'.
So I have my query = 'SELECT field1,field2,.... WHERE Id = ' + value. I get value from the URL as a parameter. I wanted to know if it is possible to add a parameter or somehow verify that my value is of type ID and prevent SQL injection.
Thanks.
All Answers
Hi,
You can get the parameter from the URL in the controller by using the snippets below:
String di1 = ApexPages.currentPage().getParameters().get('id');
You can execute a dynamic query on the basis of the URL parameter:
// Reference di1 as a bind variable (:di1) inside the string instead of concatenating its value
String query = 'select name,email,phone from contact where id = :di1';
sObject S = Database.query(query);
Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved.
In order to ensure the parameter from the URL is an ID, you could store it in an ID, e.g.
This will throw an exception if the parameter isn't an id.
You can then bind contId to the SOQL query as suggested above.
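Putting both answers together, here is an added example (not code from either answerer) of a Visualforce controller that validates the URL parameter as an Id and binds it rather than concatenating it; the class name and error messages are assumptions.

```apex
// Added example: safe handling of a URL 'id' parameter in a Visualforce controller.
// Assumes the page is opened as /apex/SomePage?id=<record id>; class name is hypothetical.
public with sharing class ContactViewController {
    public Contact record { get; private set; }

    public ContactViewController() {
        String raw = ApexPages.currentPage().getParameters().get('id');

        if (String.isBlank(raw)) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, 'Missing id parameter'));
            return;
        }

        // 1. Validate: Id.valueOf throws a StringException for anything that is not a
        //    well-formed Salesforce Id, so an injected string never reaches the query.
        Id contId;
        try {
            contId = Id.valueOf(raw);
        } catch (StringException e) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, 'Invalid record id'));
            return;
        }

        // 2. Confirm the Id belongs to the object this page expects.
        if (contId.getSobjectType() != Contact.SObjectType) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, 'Not a Contact id'));
            return;
        }

        // 3. Bind the typed variable (:contId) instead of concatenating it into the string.
        //    The bind variable must be in scope when Database.query runs.
        String soql = 'SELECT Name, Email, Phone FROM Contact WHERE Id = :contId';
        List<Contact> rows = Database.query(soql);
        record = rows.isEmpty() ? null : rows[0];
    }
}
```

Because the value is a typed Id and is bound rather than spliced into the string, the query text itself never contains user-controlled characters.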