• Pspk
Hi, I am stuck on the Trailhead challenge below and cannot understand what is wrong in my code.
Please help 

Thanks in advance 

Simulate a SOQL Injection Attack

For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.

SOQL_Injection_Challenge:

/**
 * Controller behind the Trailhead "SOQL Injection Challenge" search tool for Supply__c.
 *
 * SECURITY: the search text is concatenated into a dynamic SOQL string with no
 * escaping and no bind variable, so whatever is typed into the search box can alter
 * the structure of the WHERE clause. This is the weakness the exercise demonstrates.
 * Code meant for real use should bind the value (a static query with LIKE :pattern)
 * or, at minimum, pass it through String.escapeSingleQuotes() before concatenating.
 */
public class SOQL_Injection_Challenge {

    // Search text; presumably bound to the page's search box. Treat as untrusted input.
    public String textual {get; set;}

    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Runs a name search over Supply__c using the current value of textual.
     * Does nothing when textual is null or empty; whereclause_records keeps its
     * previous value in that case.
     *
     * @return always null
     */
    public PageReference whereclause_search(){
        // Nothing typed: no query is issued.
        if (String.isEmpty(textual)) {
            return null;
        }

        String baseQuery = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';

        // Injectable spot: textual is placed between the quotes with no escaping.
        String filter = 'name like  \'%' + textual + '%\' ';
        String soql = baseQuery + ' where ' + filter + ' Limit 10';

        whereclause_records = Database.query(soql);
        validate(filter, whereclause_records.size());

        return null;
    }

    /**
     * Counts a search as a completed challenge attempt. The counter row named
     * 'sic1' in cvcs__c is created with c1__c = 1, or incremented by one, when the
     * where clause still carries its '% and %' wrappers, mentions Nobles_Only__c
     * (any case), and fewer than 10 rows came back.
     *
     * @param s the where clause text that was sent to the query
     * @param i number of rows the query returned
     */
    public void validate(String s, Integer i){
        Boolean challengeMet = s.contains('\'%')
            && s.containsIgnoreCase('Nobles_Only__c')
            && s.contains('%\'')
            && i < 10;
        if (!challengeMet) {
            return;
        }

        // cvcs__c is presumably a custom setting used as a progress counter - confirm.
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if (counter != null) {
            counter.c1__c += 1;
        } else {
            counter = new cvcs__c(name='sic1', c1__c = 1);
        }
        upsert counter;
    }
}
  • September 27, 2017
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you

SOQL_Injection_Challenge:

/**
 * Controller behind the Trailhead "SOQL Injection Challenge" search tool for Supply__c.
 *
 * SECURITY: the search text is concatenated into a dynamic SOQL string with no
 * escaping and no bind variable, so whatever is typed into the search box can alter
 * the structure of the WHERE clause. This is the weakness the exercise demonstrates.
 * Code meant for real use should bind the value (a static query with LIKE :pattern)
 * or, at minimum, pass it through String.escapeSingleQuotes() before concatenating.
 */
public class SOQL_Injection_Challenge {

    // Search text; presumably bound to the page's search box. Treat as untrusted input.
    public String textual {get; set;}

    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Runs a name search over Supply__c using the current value of textual.
     * Does nothing when textual is null or empty; whereclause_records keeps its
     * previous value in that case.
     *
     * @return always null
     */
    public PageReference whereclause_search(){
        // Nothing typed: no query is issued.
        if (String.isEmpty(textual)) {
            return null;
        }

        String baseQuery = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';

        // Injectable spot: textual is placed between the quotes with no escaping.
        String filter = 'name like  \'%' + textual + '%\' ';
        String soql = baseQuery + ' where ' + filter + ' Limit 10';

        whereclause_records = Database.query(soql);
        validate(filter, whereclause_records.size());

        return null;
    }

    /**
     * Counts a search as a completed challenge attempt. The counter row named
     * 'sic1' in cvcs__c is created with c1__c = 1, or incremented by one, when the
     * where clause still carries its '% and %' wrappers, mentions Nobles_Only__c
     * (any case), and fewer than 10 rows came back.
     *
     * @param s the where clause text that was sent to the query
     * @param i number of rows the query returned
     */
    public void validate(String s, Integer i){
        Boolean challengeMet = s.contains('\'%')
            && s.containsIgnoreCase('Nobles_Only__c')
            && s.contains('%\'')
            && i < 10;
        if (!challengeMet) {
            return;
        }

        // cvcs__c is presumably a custom setting used as a progress counter - confirm.
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if (counter != null) {
            counter.c1__c += 1;
        } else {
            counter = new cvcs__c(name='sic1', c1__c = 1);
        }
        upsert counter;
    }
}
  • September 25, 2017
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you


Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.

SOQL_Injection_Challenge:

/**
 * Controller behind the Trailhead "SOQL Injection Challenge" search tool for Supply__c.
 *
 * SECURITY: the search text is concatenated into a dynamic SOQL string with no
 * escaping and no bind variable, so whatever is typed into the search box can alter
 * the structure of the WHERE clause. This is the weakness the exercise demonstrates.
 * Code meant for real use should bind the value (a static query with LIKE :pattern)
 * or, at minimum, pass it through String.escapeSingleQuotes() before concatenating.
 */
public class SOQL_Injection_Challenge {

    // Search text; presumably bound to the page's search box. Treat as untrusted input.
    public String textual {get; set;}

    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Runs a name search over Supply__c using the current value of textual.
     * Does nothing when textual is null or empty; whereclause_records keeps its
     * previous value in that case.
     *
     * @return always null
     */
    public PageReference whereclause_search(){
        // Nothing typed: no query is issued.
        if (String.isEmpty(textual)) {
            return null;
        }

        String baseQuery = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';

        // Injectable spot: textual is placed between the quotes with no escaping.
        String filter = 'name like  \'%' + textual + '%\' ';
        String soql = baseQuery + ' where ' + filter + ' Limit 10';

        whereclause_records = Database.query(soql);
        validate(filter, whereclause_records.size());

        return null;
    }

    /**
     * Counts a search as a completed challenge attempt. The counter row named
     * 'sic1' in cvcs__c is created with c1__c = 1, or incremented by one, when the
     * where clause still carries its '% and %' wrappers, mentions Nobles_Only__c
     * (any case), and fewer than 10 rows came back.
     *
     * @param s the where clause text that was sent to the query
     * @param i number of rows the query returned
     */
    public void validate(String s, Integer i){
        Boolean challengeMet = s.contains('\'%')
            && s.containsIgnoreCase('Nobles_Only__c')
            && s.contains('%\'')
            && i < 10;
        if (!challengeMet) {
            return;
        }

        // cvcs__c is presumably a custom setting used as a progress counter - confirm.
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if (counter != null) {
            counter.c1__c += 1;
        } else {
            counter = new cvcs__c(name='sic1', c1__c = 1);
        }
        upsert counter;
    }
}
  • September 21, 2017
Hi, I am stuck on the Trailhead challenge below and cannot understand what is wrong in my code.
Please help 

Thanks in advance 

Simulate a SOQL Injection Attack

For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.

SOQL_Injection_Challenge:

/**
 * Controller behind the Trailhead "SOQL Injection Challenge" search tool for Supply__c.
 *
 * SECURITY: the search text is concatenated into a dynamic SOQL string with no
 * escaping and no bind variable, so whatever is typed into the search box can alter
 * the structure of the WHERE clause. This is the weakness the exercise demonstrates.
 * Code meant for real use should bind the value (a static query with LIKE :pattern)
 * or, at minimum, pass it through String.escapeSingleQuotes() before concatenating.
 */
public class SOQL_Injection_Challenge {

    // Search text; presumably bound to the page's search box. Treat as untrusted input.
    public String textual {get; set;}

    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Runs a name search over Supply__c using the current value of textual.
     * Does nothing when textual is null or empty; whereclause_records keeps its
     * previous value in that case.
     *
     * @return always null
     */
    public PageReference whereclause_search(){
        // Nothing typed: no query is issued.
        if (String.isEmpty(textual)) {
            return null;
        }

        String baseQuery = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';

        // Injectable spot: textual is placed between the quotes with no escaping.
        String filter = 'name like  \'%' + textual + '%\' ';
        String soql = baseQuery + ' where ' + filter + ' Limit 10';

        whereclause_records = Database.query(soql);
        validate(filter, whereclause_records.size());

        return null;
    }

    /**
     * Counts a search as a completed challenge attempt. The counter row named
     * 'sic1' in cvcs__c is created with c1__c = 1, or incremented by one, when the
     * where clause still carries its '% and %' wrappers, mentions Nobles_Only__c
     * (any case), and fewer than 10 rows came back.
     *
     * @param s the where clause text that was sent to the query
     * @param i number of rows the query returned
     */
    public void validate(String s, Integer i){
        Boolean challengeMet = s.contains('\'%')
            && s.containsIgnoreCase('Nobles_Only__c')
            && s.contains('%\'')
            && i < 10;
        if (!challengeMet) {
            return;
        }

        // cvcs__c is presumably a custom setting used as a progress counter - confirm.
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if (counter != null) {
            counter.c1__c += 1;
        } else {
            counter = new cvcs__c(name='sic1', c1__c = 1);
        }
        upsert counter;
    }
}
  • September 27, 2017
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you

SOQL_Injection_Challenge:

/**
 * Controller behind the Trailhead "SOQL Injection Challenge" search tool for Supply__c.
 *
 * SECURITY: the search text is concatenated into a dynamic SOQL string with no
 * escaping and no bind variable, so whatever is typed into the search box can alter
 * the structure of the WHERE clause. This is the weakness the exercise demonstrates.
 * Code meant for real use should bind the value (a static query with LIKE :pattern)
 * or, at minimum, pass it through String.escapeSingleQuotes() before concatenating.
 */
public class SOQL_Injection_Challenge {

    // Search text; presumably bound to the page's search box. Treat as untrusted input.
    public String textual {get; set;}

    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Runs a name search over Supply__c using the current value of textual.
     * Does nothing when textual is null or empty; whereclause_records keeps its
     * previous value in that case.
     *
     * @return always null
     */
    public PageReference whereclause_search(){
        // Nothing typed: no query is issued.
        if (String.isEmpty(textual)) {
            return null;
        }

        String baseQuery = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';

        // Injectable spot: textual is placed between the quotes with no escaping.
        String filter = 'name like  \'%' + textual + '%\' ';
        String soql = baseQuery + ' where ' + filter + ' Limit 10';

        whereclause_records = Database.query(soql);
        validate(filter, whereclause_records.size());

        return null;
    }

    /**
     * Counts a search as a completed challenge attempt. The counter row named
     * 'sic1' in cvcs__c is created with c1__c = 1, or incremented by one, when the
     * where clause still carries its '% and %' wrappers, mentions Nobles_Only__c
     * (any case), and fewer than 10 rows came back.
     *
     * @param s the where clause text that was sent to the query
     * @param i number of rows the query returned
     */
    public void validate(String s, Integer i){
        Boolean challengeMet = s.contains('\'%')
            && s.containsIgnoreCase('Nobles_Only__c')
            && s.contains('%\'')
            && i < 10;
        if (!challengeMet) {
            return;
        }

        // cvcs__c is presumably a custom setting used as a progress counter - confirm.
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if (counter != null) {
            counter.c1__c += 1;
        } else {
            counter = new cvcs__c(name='sic1', c1__c = 1);
        }
        upsert counter;
    }
}
  • September 25, 2017