Visualforce Developer's Guide by W.A.Chamil Madusanka

SOQL injection

The most popular injection attacks occur when the user's input is used directly in a query or command. The attacker can then pass untrusted data to execute a particular functionality or command, and so gain access to unauthorized data.

Apex uses SOQL as its query language, and SOQL has more limited functionality than SQL. Even so, SOQL injection attacks are similar to SQL injection attacks. Salesforce.com users are willing to put their sensitive data into Salesforce because Salesforce.com is a secure platform. Therefore, when we build custom pages and custom controllers, we must pay more attention to preventing such attacks. In Force.com, SOQL injections occur with dynamic SOQL queries.
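The following added example (not code from the book) shows a dynamic SOQL query built by string concatenation beside two hardened forms. The controller name `ContactSearchController`, the `name` property and the `Contact` search are assumptions chosen for illustration.

```apex
public with sharing class ContactSearchController {
    // Hypothetical property bound to a Visualforce input field.
    public String name { get; set; }
    public List<Contact> results { get; private set; }

    // VULNERABLE: user input is concatenated into the query text, so a single
    // quote in `name` ends the string literal and the rest is parsed as SOQL.
    public PageReference searchUnsafe() {
        String q = 'SELECT Id, Name FROM Contact WHERE Name LIKE \'%' + name + '%\'';
        results = Database.query(q);
        return null;
    }

    // HARDENED (preferred): static SOQL with a bind variable. The value is
    // passed as data and is never parsed as part of the query.
    public PageReference searchStatic() {
        String likeValue = '%' + (name == null ? '' : name) + '%';
        results = [SELECT Id, Name FROM Contact WHERE Name LIKE :likeValue];
        return null;
    }

    // HARDENED (when the query must stay dynamic): escape single quotes so
    // the input cannot terminate the string literal it is placed in.
    public PageReference searchDynamicEscaped() {
        String safe = String.escapeSingleQuotes(name == null ? '' : name);
        String q = 'SELECT Id, Name FROM Contact WHERE Name LIKE \'%' + safe + '%\'';
        results = Database.query(q);
        return null;
    }
}
```

`String.escapeSingleQuotes` only protects input that lands inside a quoted string literal; values used as field names, object names or numbers need allow-list or type validation instead.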

Dynamic SOQL is ...
