Showing posts from November, 2021

SOQL Injection - Demo and Approaches to Prevent it

In this post let us look at a sample use case of SOQL Injection and the different methods to prevent it.

1. What is SOQL Injection?

SOQL Injection occurs when a dynamic SOQL query is built and executed in Apex using input accepted from the user. Because the user controls that input value, they can modify it to alter the query, resulting in unintended query results.

2. Sample Use Case

We have a Lightning Web Component (LWC) to search for Accounts, accepting the Account Name as the input parameter. On a successful search, the component displays the resulting accounts matching the search criteria.

Code details below:

accountNameSearch.html

    <template>
        <h1>Search Account</h1>
        <lightning-card title="Search Account Using Name">
            <lightning-input label="Enter Account Name" onchange={handleFilter} class="slds-size--2-of-8"></lightning-input>
            <br/>
            <lightning-button label="SEARCH" onclick={handleSearch