function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
naypers rtfnaypers rtf 

Simple Question About Dynamic Query

Hi, I'd like to know how I can to insert this filter in the query, without Security problems. thank you

  

public Opportunity[] getMyObjectOpportunities() {
 
List<Opportunity> itemsOpportunities;

String filter = ' order by ' + columnName + ' ' + sortDirection;

itemsOpportunities = [ SELECT o.Name, o.stageName, o.closeDate, o.Id, o.Probability FROM Opportunity o WHERE CreatedById =: getUserId()    /* ADD "filter"  */  ];
 
return itemsOpportunities ;
}

 

Starz26Starz26

you will have to do it like this:

 

 

public Opportunity[] getMyObjectOpportunities() {
 
List<Opportunity> itemsOpportunities;

String qry = 'SELECT o.Name, o.stageName, o.closeDate, o.Id, o.Probability FROM Opportunity o WHERE CreatedById =\'' + getUserId() '\' order by ' + columnName + ' ' + sortDirection;

itemsOpportunities = database.query(qry);
 
return itemsOpportunities ;
}