Dynamic SOSL

Dynamic SOSL refers to the creation of a SOSL string at run time with Apex code. Dynamic SOSL enables you to create more flexible applications. For example, you can create a search based on input from an end user, or update records with varying field names.

To create a dynamic SOSL query at run time, use the Search.query method. For example:

List<List<SObject>> myQuery = Search.query(SOSL_search_string);

The following example exercises a simple SOSL query string.

String searchquery = 'FIND \'Edge*\' IN ALL FIELDS RETURNING Account(Id, Name), Contact, Lead';
List<List<SObject>> searchList = Search.query(searchquery);

Dynamic SOSL statements evaluate to a list of lists of sObjects, where each list contains the search results for a particular sObject type. The result lists are always returned in the same order as they were specified in the dynamic SOSL query. From the example above, the results from Account are first, then Contact, then Lead.

The search query method can be used wherever an inline SOSL query can be used, such as in regular assignment statements and for loops. The results are processed in much the same way as static SOSL queries are processed.
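The following is an added example, not code from the Apex Developer Guide. It builds the RETURNING clause from a per-object field list (the kind of "varying field names" case the introduction mentions), runs it with Search.query, and relies on the ordering guarantee described above to key each result list by the object that produced it. The class name, the object order and the field lists are assumptions chosen for illustration; the search term is a fixed literal here, and handling of user-supplied terms is covered under SOSL Injection below.

```apex
// Added example: dynamic RETURNING clause plus typed processing of the
// list-of-lists that Search.query returns. Not part of the original page.
public with sharing class TypedSearch {

    // Result lists come back in exactly this order (assumed configuration).
    private static final List<String> OBJECT_ORDER =
        new List<String>{ 'Account', 'Contact', 'Lead' };

    // Fields to return per object (assumed configuration; in a real app this
    // might come from Custom Metadata or a user's column selection).
    private static final Map<String, List<String>> FIELDS_BY_OBJECT =
        new Map<String, List<String>>{
            'Account' => new List<String>{ 'Id', 'Name', 'Industry' },
            'Contact' => new List<String>{ 'Id', 'Name', 'Email' },
            'Lead'    => new List<String>{ 'Id', 'Name', 'Company' }
        };

    // Builds "Account(Id, Name, Industry), Contact(Id, Name, Email), Lead(...)".
    public static String buildReturningClause() {
        List<String> parts = new List<String>();
        for (String objName : OBJECT_ORDER) {
            parts.add(objName + '(' + String.join(FIELDS_BY_OBJECT.get(objName), ', ') + ')');
        }
        return String.join(parts, ', ');
    }

    // Runs the search and keys each result list by object name.
    // literalTerm is a trusted constant, not end-user input.
    public static Map<String, List<SObject>> search(String literalTerm) {
        String sosl = 'FIND \'' + literalTerm + '\' IN ALL FIELDS RETURNING ' + buildReturningClause();
        List<List<SObject>> results = Search.query(sosl);

        Map<String, List<SObject>> byObject = new Map<String, List<SObject>>();
        for (Integer i = 0; i < OBJECT_ORDER.size(); i++) {
            // SOSL does not enforce field-level security on its own; strip
            // fields the running user cannot read before handing records to a UI.
            SObjectAccessDecision decision =
                Security.stripInaccessible(AccessType.READABLE, results[i]);
            byObject.put(OBJECT_ORDER[i], decision.getRecords());
        }
        return byObject;
    }

    // Usage, e.g. from Anonymous Apex: TypedSearch.demo();
    public static void demo() {
        Map<String, List<SObject>> hits = TypedSearch.search('Edge*');
        for (SObject s : hits.get('Account')) {
            Account a = (Account) s;
            System.debug('Account: ' + a.Name + ' / ' + a.Industry);
        }
        for (SObject s : hits.get('Contact')) {
            Contact c = (Contact) s;
            System.debug('Contact: ' + c.Name + ' <' + c.Email + '>');
        }
        System.debug('Leads found: ' + hits.get('Lead').size());
    }
}
```

Because OBJECT_ORDER drives both the RETURNING clause and the result mapping, the two cannot drift apart; that is the property the ordering guarantee gives you, and a good reason to build the clause from the same list you index with.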

Dynamic SOSL queries have the same governor limits as static queries. For more information on governor limits, see Execution Governors and Limits.

For a full description of SOSL query syntax, see Salesforce Object Search Language (SOSL) in the SOQL and SOSL Reference.

Use Dynamic SOSL to Return Snippets

To provide more context for records in search results, use the SOSL WITH SNIPPET clause. Snippets make it easier to identify the content you’re looking for. For information about how snippets are generated, see WITH SNIPPET in the SOQL and SOSL Reference.

To use the SOSL WITH SNIPPET clause in a dynamic SOSL query at run time, use the Search.find method.
Search.SearchResults searchResults = Search.find(SOSL_search_string);

This example exercises a simple SOSL query string that includes a WITH SNIPPET clause. The example calls System.debug() to print the returned titles and snippets; in a real application you would render the titles and snippets in a web page instead.

Search.SearchResults searchResults = Search.find('FIND \'test\' IN ALL FIELDS RETURNING KnowledgeArticleVersion(Id, Title WHERE PublishStatus = \'Online\' AND Language = \'en_US\') WITH SNIPPET (target_length=120)');
List<Search.SearchResult> articleList = searchResults.get('KnowledgeArticleVersion');

for (Search.SearchResult searchResult : articleList) {
	// Each SearchResult wraps the matching record plus the generated snippet.
	KnowledgeArticleVersion article = (KnowledgeArticleVersion) searchResult.getSObject();
	System.debug(article.Title);
	System.debug(searchResult.getSnippet());
}

SOSL Injection

SOSL injection is a technique by which a user supplies input that changes the structure of a dynamic SOSL statement, causing your application to execute a search you did not intend. It can occur in Apex code whenever your application uses end-user input to construct a dynamic SOSL statement and does not handle that input properly.

To prevent SOSL injection, use the String.escapeSingleQuotes method on any user-supplied value that you place inside a quoted literal. The method adds the escape character (\) before every single quotation mark in the string, so a quote inside the input is read as part of the value rather than as the end of the literal, and the remainder of the input cannot be interpreted as SOSL syntax. Two caveats: escapeSingleQuotes only protects values that sit inside quotes, so user input used as an object name, field name or clause must instead be checked against an allowlist; and where the query shape is fixed, a static SOSL statement with bind variables (FIND :searchTerm) keeps user input out of the statement text altogether and needs no escaping.
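The following is an added example, not code from the Apex Developer Guide. It shows a dynamic SOSL search that concatenates user input, the input that subverts it, the escaped form, and the static bind-variable form. The class name, the method names and the escapeSearchTerm helper are assumptions; Contact.Department is a standard field, and the reserved-character list in the helper is the one the SOSL reference gives for search terms.

```apex
// Added example: vulnerable, escaped and bind-variable versions of the same
// search. Not part of the original page.
public with sharing class ContactSearch {

    // VULNERABLE: both the search term and the department filter are
    // concatenated straight from user input.
    public static List<SObject> findVulnerable(String term, String dept) {
        String sosl = 'FIND \'' + term + '\' IN NAME FIELDS RETURNING ' +
                      'Contact(Id, Name, Email WHERE Department = \'' + dept + '\')';
        List<List<SObject>> results = Search.query(sosl);
        return results[0];
    }
    // With dept = "Sales' OR Email LIKE '%" the statement ends in
    //   ... WHERE Department = 'Sales' OR Email LIKE '%')
    // which is valid SOSL: every Contact that matches the term is returned
    // and the department restriction the developer intended is gone.

    // HARDENED: quotes (and, for the search term, the other reserved
    // characters) are escaped, so each value stays inside its literal.
    public static List<SObject> findEscaped(String term, String dept) {
        String safeTerm = escapeSearchTerm(term);
        String safeDept = String.escapeSingleQuotes(dept);
        String sosl = 'FIND \'' + safeTerm + '\' IN NAME FIELDS RETURNING ' +
                      'Contact(Id, Name, Email WHERE Department = \'' + safeDept + '\')';
        List<List<SObject>> results = Search.query(sosl);
        return results[0];
    }

    // A SOSL search term has more reserved characters than just the quote:
    //   ? & | ! { } [ ] ( ) ^ ~ * : \ " ' + -
    // Each must be preceded by a backslash to be read literally. This helper
    // (an assumed name, not a platform method) escapes all of them, quote and
    // backslash included, so do NOT also run escapeSingleQuotes on its output.
    // Drop * and ? from the character class if users may type wildcards.
    public static String escapeSearchTerm(String term) {
        return term.replaceAll('([?&|!{}\\[\\]()^~*:\\\\"\'+\\-])', '\\\\$1');
    }

    // PREFERRED where the query shape is fixed: static SOSL with bind
    // variables. The values are passed as parameters, never spliced into the
    // statement text, so they cannot change its structure.
    public static List<SObject> findBound(String term, String dept) {
        List<List<SObject>> results = [FIND :term IN NAME FIELDS
                                       RETURNING Contact(Id, Name, Email WHERE Department = :dept)];
        return results[0];
    }
}
```

Use findBound when the objects, fields and clauses are known at compile time; fall back to the escaped dynamic form only when the statement genuinely has to be assembled at run time, and keep any user-controlled object or field names out of it unless they have been checked against an allowlist first.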