Mastering Apex Programming

You're reading from Mastering Apex Programming: A Salesforce developer's guide to learn advanced techniques and programming best practices for building robust and scalable enterprise-grade applications

Product type: Paperback
Published in: Nov 2023
Publisher: Packt
ISBN-13: 9781837638352
Length: 394 pages
Edition: 2nd Edition
Author (1): Paul Battisson
Table of Contents (28 chapters)

Preface
1. Section 1: Triggers, Testing, and Security
2. Chapter 1: Common Apex Mistakes
3. Chapter 2: Debugging Apex
4. Chapter 3: Triggers and Managing Trigger Execution
5. Chapter 4: Exceptions and Exception Handling
6. Chapter 5: Testing Apex Code
7. Chapter 6: Secure Apex Programming
8. Section 2: Asynchronous Apex
9. Chapter 7: Utilizing Future Methods
10. Chapter 8: Working with Batch Apex
11. Chapter 9: Working with Queueable Apex
12. Chapter 10: Scheduling Apex Jobs
13. Section 3: Integrations
14. Chapter 11: Integrating with Salesforce
15. Chapter 12: Using Platform Events
16. Chapter 13: Apex and Flow
17. Chapter 14: Apex REST and Custom Web Services
18. Chapter 15: Outbound Integrations – REST
19. Chapter 16: Outbound Integrations – SOAP
20. Chapter 17: DataWeave in Apex
21. Section 4: Apex Performance
22. Chapter 18: Performance and the Salesforce Governor Limits
23. Chapter 19: Performance Profiling
24. Chapter 20: Improving Apex Performance
25. Chapter 21: Performance and Application Architectures
26. Index
27. Other Books You May Enjoy

Avoiding SOQL injection vulnerabilities

It is a common use case to receive some user input and use it as part of a SOQL query filter. However, while this provides helpful user functionality, it can be misused by a malicious user to gain access to additional data that is not meant to be visible to them.

For example, we could be searching for a contact record with the last name in the form of an input string we have defined, as shown in the following code snippet:

public String searchName {get; set;}
public List<Contact> cons {get; private set;}
public PageReference search() {
    // Dynamic SOQL built by string concatenation: the raw searchName value
    // becomes part of the query text itself (this is the vulnerable pattern)
    cons = Database.query('SELECT Id, FirstName, LastName, Email FROM ' +
        'Contact WHERE LastName LIKE \'%' + searchName + '%\'');
    return null;
}

In this preceding code snippet, we are defining a dynamic SOQL query where, when the user enters a search term—for example, Smith&...
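To make the contrast concrete, here is the same contact search written in its vulnerable form and in two hardened forms, followed by a unit test that checks a last name containing a quote is treated purely as data. This is an added example, not code from the book; the class names ContactSearchController and ContactSearchControllerTest, the method names searchUnsafe, searchWithBind and searchWithEscape, and the test data are all assumptions for illustration. It uses only standard platform features: bind variables in Database.query, String.escapeSingleQuotes, and the with sharing keyword.

```apex
// Added example (not the book's code). In a real org each top-level class
// lives in its own .cls file; they are shown together here for readability.
// "with sharing" makes the query respect the running user's record access,
// which limits what any query, injected or not, can return.
public with sharing class ContactSearchController {
    public String searchName { get; set; }
    public List<Contact> cons { get; private set; }

    // Vulnerable pattern from the text: the raw input is concatenated
    // straight into the query string, so it is parsed as SOQL syntax.
    public PageReference searchUnsafe() {
        cons = Database.query(
            'SELECT Id, FirstName, LastName, Email FROM Contact ' +
            'WHERE LastName LIKE \'%' + searchName + '%\''
        );
        return null;
    }

    // Hardened option 1: a bind variable. The value is passed to the
    // query engine separately and never becomes part of the query text,
    // so quotes or keywords in the input are just characters to match.
    public PageReference searchWithBind() {
        String term = '%' + searchName + '%';
        cons = Database.query(
            'SELECT Id, FirstName, LastName, Email FROM Contact ' +
            'WHERE LastName LIKE :term'
        );
        return null;
    }

    // Hardened option 2: when the query text genuinely has to be assembled
    // as a string, escape the single quotes in the value first so the
    // LIKE literal cannot be closed early by the input.
    public PageReference searchWithEscape() {
        String safe = String.escapeSingleQuotes(searchName);
        cons = Database.query(
            'SELECT Id, FirstName, LastName, Email FROM Contact ' +
            'WHERE LastName LIKE \'%' + safe + '%\''
        );
        return null;
    }
}

@isTest
private class ContactSearchControllerTest {
    // Constructed test data: one ordinary name and one containing a quote.
    @isTest
    static void quoteInInputIsTreatedAsData() {
        insert new List<Contact>{
            new Contact(LastName = 'Smith'),
            new Contact(LastName = 'O\'Brien')
        };

        ContactSearchController ctrl = new ContactSearchController();
        ctrl.searchName = 'O\'Brien';

        // Both hardened methods match exactly the one record with that name.
        ctrl.searchWithBind();
        System.assertEquals(1, ctrl.cons.size());
        System.assertEquals('O\'Brien', ctrl.cons[0].LastName);

        ctrl.searchWithEscape();
        System.assertEquals(1, ctrl.cons.size());
        System.assertEquals('O\'Brien', ctrl.cons[0].LastName);
    }
}
```

Prefer the bind-variable form whenever the only runtime-controlled part of the query is a value; reserve String.escapeSingleQuotes for the case where the query text itself must be built dynamically, and even then escape only values, never field or object names. One caveat worth knowing: neither approach strips SOQL wildcard characters, so a search term containing % or _ will still widen a LIKE match; that is a functional concern rather than an injection, but it is worth handling if exact matching matters.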
