JGK
Hi all,

We received the following question from our developer:

When we query Salesforce we use a statement like the one beneath. However, we are afraid it can be abused to perform SQL injection. The only alternative is not to use ‘where’ and to query the whole Salesforce database. Once we have all the data, we can then perform a search on our side on the data. However, this solution has performance issues. Can you please advise us how to use a SQL-injection-free query?

var objResult = svc.query("select id, lastname, firstname, email, Email_opt_in__c from contact where Id = '003D0000013uxmpIAA'");

The Salesforce support team could not really help with this question. Does anyone have experience with this, or might be able to help with this question?

Thank you in advance.

  • January 30, 2013
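Added example (not from the original post and not Salesforce's own code). The statement in the post is SOQL, and the SOAP API's query() call takes a finished string with no parameter binding, so the only options are to validate the value before splicing it in or to escape it according to SOQL's string-literal rules. The code below shows both, next to the raw-concatenation pattern from the post, and carries the check a step further than the post's Id-only case by also handling a free-text LIKE search. It is written in Python so it runs stand-alone; the same logic ports line for line to the C# in the question. All function names, the FIELDS constant and the ATTACK string are hypothetical, constructed for this example; nothing here talks to Salesforce, it only builds the query strings.

```python
import re

# A Salesforce record Id is 15 case-sensitive alphanumerics, optionally
# followed by a 3-character suffix (the 18-character form).  Anything that
# matches this pattern cannot contain a quote or backslash, so it is safe to
# splice into a SOQL string.  (Assumption: callers only ever pass record Ids.)
_SF_ID_RE = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")

# Field list from the post; a hypothetical constant for this example.
FIELDS = "id, lastname, firstname, email, Email_opt_in__c"


def is_salesforce_id(value):
    """True if value has the shape of a 15- or 18-character Salesforce Id."""
    return _SF_ID_RE.fullmatch(value) is not None


def soql_escape(value, for_like=False):
    """Escape value for use inside a single-quoted SOQL string literal.

    SOQL literals use backslash escapes, so a backslash and a single quote in
    the data must each be prefixed with a backslash (backslash first, so the
    quote escapes added afterwards are not re-escaped).  In a LIKE pattern
    '%' and '_' are wildcards; escape them too so user input matches literally.
    """
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    if for_like:
        escaped = escaped.replace("%", "\\%").replace("_", "\\_")
    return escaped


def contact_by_id_unsafe(record_id):
    """The pattern from the post: raw concatenation.  Shown for contrast only."""
    return "select %s from contact where Id = '%s'" % (FIELDS, record_id)


def contact_by_id(record_id):
    """Hardened lookup: reject anything that is not a well-formed Id first."""
    if not is_salesforce_id(record_id):
        raise ValueError("not a Salesforce record Id: %r" % (record_id,))
    return "select %s from contact where Id = '%s'" % (FIELDS, record_id)


def contacts_by_lastname_prefix(prefix):
    """Hardened free-text search: escape the data, add our own wildcard after."""
    return ("select %s from contact where LastName LIKE '%s%%'"
            % (FIELDS, soql_escape(prefix, for_like=True)))


# Constructed attack string: closes the literal the post opens and appends a
# condition that holds for every contact, so the by-Id lookup becomes a dump.
ATTACK = "003D0000013uxmpIAA' OR Name != '"

if __name__ == "__main__":
    print("unsafe: ", contact_by_id_unsafe(ATTACK))
    try:
        contact_by_id(ATTACK)
    except ValueError as exc:
        print("rejected:", exc)
    print("safe:   ", contact_by_id("003D0000013uxmpIAA"))
    print("search: ", contacts_by_lastname_prefix("O'Brien"))
```

Two notes on the design. For the specific case in the post, a lookup by Id, validation is the stronger fix: a value that passes is_salesforce_id contains only letters and digits, so there is nothing for an escape routine to get wrong. Escaping is the tool for fields that legitimately contain quotes, such as LastName, and for_like only matters when the value lands inside a LIKE pattern. For by-Id reads there is also the SOAP API's retrieve() call, which takes the field list, object type and an array of Ids rather than a query string, so no string needs to be built at all.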