You're reading from Mastering Apex Programming A Salesforce developer's guide to learn advanced techniques and programming best practices for building robust and scalable enterprise-grade applications

Product type Paperback

Published in Nov 2023

Publisher Packt

ISBN-13 9781837638352

Length 394 pages

Edition 2nd Edition

Languages

Apex

Tools

Salesforce

Concepts

CRM

Author (1):

Paul Battisson

View More author details

Table of Contents (28) Chapters

Preface

1. Section 1: Triggers, Testing, and Security

2. Chapter 1: Common Apex Mistakes FREE CHAPTER

3. Chapter 2: Debugging Apex

4. Chapter 3: Triggers and Managing Trigger Execution

5. Chapter 4: Exceptions and Exception Handling

6. Chapter 5: Testing Apex Code

7. Chapter 6: Secure Apex Programming

8. Section 2: Asynchronous Apex

9. Chapter 7: Utilizing Future Methods

10. Chapter 8: Working with Batch Apex

11. Chapter 9: Working with Queueable Apex

12. Chapter 10: Scheduling Apex Jobs

13. Section 3: Integrations

14. Chapter 11: Integrating with Salesforce

15. Chapter 12: Using Platform Events

16. Chapter 13: Apex and Flow

17. Chapter 14: Apex REST and Custom Web Services

18. Chapter 15: Outbound Integrations – REST

19. Chapter 16: Outbound Integrations – SOAP

20. Chapter 17: DataWeave in Apex

21. Section 4: Apex Performance

22. Chapter 18: Performance and the Salesforce Governor Limits

23. Chapter 19: Performance Profiling

24. Chapter 20: Improving Apex Performance

25. Chapter 21: Performance and Application Architectures

26. Index

Why subscribe?

27. Other Books You May Enjoy

Avoiding SOQL injection vulnerabilities

It is a common use case to want to receive some user input and use this as part of a SOQL query filter. However, while this provides helpful user functionality, it can be misused by a malicious user to gain access to additional data that is not meant to be visible to them.

For example, we could be searching for a contact record with the last name in the form of an input string we have defined, as shown in the following code snippet:

public String searchName {get; set;}
public List<Contact> cons {get; private set;}
public PageReference search() {
    cons = Database.query('SELECT Id, FirstName, LastName, Email FROM 
      Contact WHERE LastName Like \'%' + searchName + '%\'');
    return null;
}

In this preceding code snippet, we are defining a dynamic SOQL query where, when the user enters a search term—for example, Smith&...