Posts

🔐 Preventing SOQL Injection in Apex: Secure Your Queries

🔍 What is SOQL Injection?

SOQL injection happens when an attacker enters harmful input into your application to trick a SOQL query into doing something it shouldn't, such as returning unauthorized data or changing the query's logic. This usually happens when user input is added directly into a dynamic query without validation.

💥 Example of Unsafe Code

    public static List<Contact> unsafeSearch(String searchKey) {
        // User input is concatenated straight into the query string (the vulnerable pattern)
        String query = 'SELECT Id FROM Contact WHERE Name = \'' + searchKey + '\'';
        return Database.query(query);
    }

Why it's unsafe:

In this code, the user input (searchKey) is added directly into the query string without any checks or cleaning. If a user types something like:

    'John%' OR Name != ' '

the final query becomes:

    SELECT Id FROM Contact WHERE Name = 'John%' OR Name != ' '

This means: instead of searching for contacts whose name is like "John%", the query now says: "Give me contacts where the name is 'John%' OR where the...

🚀Apex Triggers & Ownership Transfer: What Every Dev Should Know🧠

Below are multiple real-world scenarios covering different versions of how Apex Triggers and user record sharing behave, especially when ownership is changed in various execution contexts:

✅ Scenario 1: Ownership Change via Standard UI

Context:
- User A is the current owner of a Loan_Application__c object record.
- User B has no access to Loan_Application__c.

Action: User A tries to assign ownership of the record to User B using the Standard UI.

Question: Will the operation succeed?

Answer: No, because User B must have at least Read access to the record to become the new owner via the UI.

Error shown: "Before you can transfer this record, the new owner needs Read permission on it and related records."

✅ Scenario 2: Ownership Change via Apex Trigger Called from Class With Sharing

Context:
- An Apex class (declared with the with sharing keyword) updates a Loan_Application__c record. The record trigger changes the owner to User B.
- User B does not have access to the object.

Question:...