Which two techniques should be used to ensure the users cannot perform a SOQL injection attack?

Universal Container has developed a custom Visualforce page that will accept user input and must prefer returning the results to the users.

Which two techniques should be used to ensure the users cannot perform a SOQL injection attack?
A . Escape double quotes in the user input.
B. Use bind variable in the SOQL query.
C. Use the escapesinglequotes() method to sanitize user input.
D. Use the with Sharing keyword on the controller.

Answer: B,C

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments