Rationale
SOQL/SOSL injection is a serious security vulnerability that results from insecure construction of database queries with user-supplied data. When queries are built unsafely from user-input, instead of using type-safe bind parameters, malicious input may be able to change the structure of the query to bypass or change application logic.
Scope
- Visualforce components
- Visualforce pages
- Apex controllers