JQuery SQL injection in salesforce? need help

This is javascript string on the vf page, It still giving SQL injection Issue on sceurity review.
how to avooid sql Injection in jquery???
My code is..
var q_text = "select JId__c from JOauth__c where SetupOwnerId= '";
var q_text1 = $('#currnetUserId').text();
// "currnetUserId" is the ID of span tag in another page
var q_text2 = "'";
var q = q_text.concat(q_text1, q_text2);

January 12, 2015
·
Answer
·
Like
0
·
Follow
1

SeAlVa
I think that if instead of creating the query in javascript, you just send the fields and the values for the "where" clause, but you build the actual query in the controller using the proper methods to scape characters that might change the behaviour of the query, It might not fail.

(Haven't tried, is just a thought)

January 15, 2015
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

JQuery SQL injection in salesforce? need help

You need to sign in to do that.