Monday, January 26, 2009

SOQL Injection

When user input is used to dynamically build the condition expression (the WHERE clause) of a SOQL query, be sure to escape single quotes and backslashes (the reserved characters of a string literal) before concatenating it in, to avoid SOQL injection. In Apex, String.escapeSingleQuotes() handles the quotes; better still, use a bind variable (:var) so the input never becomes part of the query text at all.

This is mainly applicable when the input is being placed into a string literal. For other data types (numbers, dates, booleans, IDs) the input should be converted to that type before it reaches the query, and the presence of a quote or backslash in it indicates an error, not something to escape.
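The three cases above side by side, as an added Apex example that is not part of the original post. The class, method names and the Contact/Opportunity fields queried are assumptions; the escaping helper does literally what the post describes (backslash first, then single quote) rather than relying on String.escapeSingleQuotes, so the reader can see both reserved characters handled.

```apex
// Added example (not from the original post). Names and fields are assumptions.
public with sharing class ContactLookup {

    // VULNERABLE: raw input concatenated into a string literal.
    // Input  x' OR Name != '  produces
    //   SELECT Id FROM Contact WHERE LastName = 'x' OR Name != ''
    // which returns every Contact the running user can see.
    public static String vulnerableQuery(String lastName) {
        return 'SELECT Id FROM Contact WHERE LastName = \'' + lastName + '\'';
    }

    // Escape the two reserved characters of a SOQL string literal.
    // Backslashes go first; escaping quotes first would leave the
    // backslash that escapes them vulnerable to being doubled.
    // Input  x' OR Name != '   becomes  x\' OR Name != \'
    // Input  x\                  becomes  x\\   (instead of escaping the closing quote)
    public static String escapeLiteral(String s) {
        return s.replace('\\', '\\\\').replace('\'', '\\\'');
    }

    // ESCAPED: same query, but the input can only ever be a literal value.
    //   SELECT Id FROM Contact WHERE LastName = 'x\' OR Name != \''
    public static String escapedQuery(String lastName) {
        return 'SELECT Id FROM Contact WHERE LastName = \'' + escapeLiteral(lastName) + '\'';
    }

    // PREFERRED: bind variable. The value is never spliced into the query
    // text, so nothing needs escaping. Works for dynamic SOQL too, as long
    // as the bound variable is in scope at the Database.query call.
    public static List<Contact> boundDynamic(String lastName) {
        String q = 'SELECT Id, LastName FROM Contact WHERE LastName = :lastName';
        return Database.query(q);
    }

    public static List<Contact> boundStatic(String lastName) {
        return [SELECT Id, LastName FROM Contact WHERE LastName = :lastName];
    }

    // NON-STRING TYPES: convert, don't escape. Decimal.valueOf throws on
    // input such as  5' OR Amount > '0  so a quote or backslash is rejected
    // before any query is built; the parsed value is then bound, not concatenated.
    public static List<Opportunity> byMinimumAmount(String minAmountInput) {
        Decimal minAmount = Decimal.valueOf(minAmountInput); // throws on non-numeric input
        return [SELECT Id, Amount FROM Opportunity WHERE Amount >= :minAmount];
    }
}
```

Comparing vulnerableQuery('x\' OR Name != \'') with escapedQuery of the same input in an anonymous Apex window shows the first returning a query that matches every record and the second a query that matches none; the bind-variable versions need no such check because the input never reaches the parser.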