Sunil02kumar · December 13, 2016 03:52
diff --git a/SOQLInjectionDemo Apex Class b/SOQLInjectionDemo Apex Class
 public class SOQLInjectionDemoController {
    public String name {get;set;}
    public String queryString{get;set;}
    public List<Account> accList{get;set;}
    public SOQLInjectionDemoController (){
       accList = new List<Account>(); 
    }
    public PageReference query() {
        if(name !=null && name !=''){
            accList = new List<Account>();
            queryString= 'SELECT Id, name, industry, BillingStreet, BillingState, BillingCity, BillingCountry FROM Account WHERE ' +
                ' Name like \'%' + name + '%\'';
            accList = Database.query(queryString);
        }else{
            ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR,'Please enter search text value'));
        }
        return null;
    }
 }
diff --git a/SOQLInjectionDemo VF Page b/SOQLInjectionDemo VF Page
 <apex:page controller="SOQLInjectionDemoController">
    <apex:form >
        <apex:pageMessages />
        <apex:outputText value="Name" />
        <apex:inputText value="{!name}" /> 
        <apex:commandButton value="Search Account" action="{!query}" />
        <br/> <br/>
        <apex:outputLabel value="Query String"/>
        <apex:outputText value="{!queryString}"/>
        <br/> <br/>
        <apex:pageBlock title="Search Results">
            <apex:pageBlockTable value="{!acclist}" var="acc">
                <apex:column headerValue="Name">
                    <apex:outputtext value="{!acc.name}"/>
                </apex:column>
                
                <apex:column headerValue="Industry">
                    <apex:outputtext value="{!acc.industry}"/>
                </apex:column>
                
                <apex:column headerValue="Billing Address">
                    <apex:outputtext value="{!acc.BillingStreet} {!acc.BillingCity},{!acc.BillingState}, {!acc.BillingCountry}"/>
                </apex:column>
            </apex:pageBlockTable>
        </apex:pageBlock>
    </apex:form>
 </apex:page>
	public class SOQLInjectionDemoController {
	public String name {get;set;}
	public String queryString{get;set;}
	public List<Account> accList{get;set;}
	public SOQLInjectionDemoController (){
	accList = new List<Account>();
	}
	public PageReference query() {
	if(name !=null && name !=''){
	accList = new List<Account>();
	queryString= 'SELECT Id, name, industry, BillingStreet, BillingState, BillingCity, BillingCountry FROM Account WHERE ' +
	' Name like \'%' + name + '%\'';
	accList = Database.query(queryString);
	}else{
	ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR,'Please enter search text value'));
	}
	return null;
	}
	}
	<apex:page controller="SOQLInjectionDemoController">
	<apex:form >
	<apex:pageMessages />
	<apex:outputText value="Name" />
	<apex:inputText value="{!name}" />
	<apex:commandButton value="Search Account" action="{!query}" />
	<br/> <br/>
	<apex:outputLabel value="Query String"/>
	<apex:outputText value="{!queryString}"/>
	<br/> <br/>
	<apex:pageBlock title="Search Results">
	<apex:pageBlockTable value="{!acclist}" var="acc">
	<apex:column headerValue="Name">
	<apex:outputtext value="{!acc.name}"/>
	</apex:column>

	<apex:column headerValue="Industry">
	<apex:outputtext value="{!acc.industry}"/>
	</apex:column>

	<apex:column headerValue="Billing Address">
	<apex:outputtext value="{!acc.BillingStreet} {!acc.BillingCity},{!acc.BillingState}, {!acc.BillingCountry}"/>
	</apex:column>
	</apex:pageBlockTable>
	</apex:pageBlock>
	</apex:form>
	</apex:page>