Skip to main content
SOQL/SOSL Injection

Ensure user-supplied input is sanitized before using it in dynamic SOQL or SOSL queries.

Lorenzo Frattini avatar
Written by Lorenzo Frattini
Updated over a week ago


SOQL/SOSL injection is a serious security vulnerability that results from insecure construction of database queries with user-supplied data. When queries are built unsafely from user-input, instead of using type-safe bind parameters, malicious input may be able to change the structure of the query to bypass or change application logic.


  • Visualforce components

  • Visualforce pages

  • Apex controllers

Did this answer your question?