Which two queries can a developer use in a Visualforce controller to protect against SOQL injection vulnerabilities? - ProProfs Discuss

Which two queries can a developer use in a Visualforce controller to protect against SOQL injection vulnerabilities?



A. String qryName = '%' + String.enforceSecurityChecks(name) + '%'; String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);
B. String qryName = '%' + name '%'; String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);
C. String qryName = '%' + String.escapeSingleQuotes(name) + '%'; String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);
D. String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);

This question is part of Platform Dev I
Asked by Csouza, Last updated: Aug 13, 2020


3 Answers

R.gargnov

Answered Apr 29, 2020

B and C are the correct answers.


D. gray, Builder, Las Vegas

Answered Feb 26, 2019

The correct answers to this question are A and D. A SOQL injection attack can be used by attackers to access restricted data in your organization. There are a number of techniques that you can use in order to prevent these SOQL injections.

Which one you use will depend on what type of outcome you are seeking. You can either use static queries with bind variables, String.escapeSingleQuotes(), type casting, replacing characters, or whitelisting.

In this case, you would want to use String qryName = '%' + String.enforceSecurityChecks(name) + '%'; String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString); and String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString); to protect against the SOQL injections.


Csouza

Answered Jul 19, 2018

String qryName = '%' + String.enforceSecurityChecks(name) + '%'; String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);
String qryString = 'SELECT Id FROM Contact WHERE Name LIKE :qryName'; List<Contact> queryResults = Database.query(qryString);