SOQL Injection is the breach of our application security which is dangerous for our valuable data. This happens because preventive measures are not taken into consideration when we write our SOQL queries for any DML operation.<\/p>\n
When the queries are formed dynamically with front end input, user can use backend queries differently to get the information which he should not be having the access of.<\/p>\n
When the user inputs the name GreyMan<\/b> then the query will be as shown below –<\/p>\n But if in case user provides unexpected input like \u00a0\u00a0greytest%’) OR (Name LIKE ‘<\/b><\/p>\n This query will perform injection against your logic and will show all the Ids.<\/p>\n The New Stuff<\/strong><\/em>\u00a0:<\/span>\u00a0Mapping custom lead fields to standard contact fields<\/a> A SOQL Injection flaw can be used to modify the intended logic of any vulnerable query like the one shown above. To prevent a SOQL injection attack, avoid using dynamic SOQL queries.<\/p>\n Here some conditions are described which we need to take care of when we write SOQL Queries.<\/p>\n Object_Variable__c employeeDetail = new Object_Variable__c(Employee_Name__c =’GreyMan’);<\/p>\n Select id, Employee_Id__c, Employee_Name__c from Employee__c where Employee_Name__c = employeeDetail.Employee_Name__c;<\/p>\n String Empname = \u2019GreyMan\u2019;<\/p>\n Select id, Employee_Id__c, Employee_Name__c from Employee__c where \u00a0\u00a0\u00a0\u00a0Employee_Name__c =: Empname;<\/p>\n OR<\/b><\/p>\n Object_Variable__c employeeDetail = new Object_Variable__c(Employee_Name__c =’GreyMan’);<\/p>\n String employeeName= employeeDetail. Employee_Name__c;<\/p>\n Select id, Employee_Id__c, Employee_Name__c from Employee__c where Employee_Name__c = employeeName;<\/p>\n sQuery += ‘Select id, Employee_Id__c, Employee_Name__c’;<\/p>\n sQuery += ‘ from ‘+ Employee__c;<\/p>\n SQuery += ‘ where Employee_Name__c= \\’ ‘ +String.escapeSingleQuotes(Empname)+’\\’ ‘;<\/p>\n About Us<\/strong><\/span> Greytrix<\/a> has some unique solutions for Cloud CRM such as Salesforce integration with Sage Enterprise Management (Sage X3<\/a>), Sage Intacct, Sage 100 <\/a>and Sage 300 (Sage Accpac)<\/a>. We also offer best-in-class Cloud CRM Salesforce customization and development services<\/a> along with services such as Salesforce Data Migration<\/a>, Integrated App development<\/a>, Custom App development<\/a> and Technical Support<\/a> to business partners and end users.<\/p>\n Greytrix GUMU™ integration for Sage ERP \u2013 Salesforce is a 5-star app listed on Salesforce AppExchange<\/a>.<\/p>\n For more information, please contact us at salesforce@greytrix.com<\/a>. We will be glad to assist you.<\/p>\n Related Posts<\/span><\/strong><\/p>\n SOQL Injection is the breach of our application security which is dangerous for our valuable data. This happens because preventive measures are not taken into consideration when we write our SOQL queries for any DML operation. When the queries are formed dynamically with front end input, user can use backend queries differently to get the\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[471,472],"class_list":["post-77","post","type-post","status-publish","format-standard","hentry","category-salesforce-srv","tag-soql","tag-soql-injections"],"_links":{"self":[{"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/comments?post=77"}],"version-history":[{"count":2,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":3969,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/posts\/77\/revisions\/3969"}],"wp:attachment":[{"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/media?parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/categories?post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.greytrix.com\/blogs\/salesforce\/wp-json\/wp\/v2\/tags?post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n<\/a><\/p>\n\n
\n
\n
\n
\n
\nGreytrix<\/a> as a Salesforce Product development partner offers a wide variety of integration products and services to the end users as well as to the Partners across the globe. We offers Consultation, Configuration, Training and support services in out-of-the-box functionality as well as customizations to incorporate custom business rules and functionalities that requires apex code incorporation into the Salesforce platform.<\/p>\n\n