
Salesforce Exam CRT-450 Topic 6 Question 61 Discussion

Actual exam question for Salesforce's CRT-450 exam
Question #: 61
Topic #: 6

A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Within the class, the developer identifies the following method as a security threat:

List<Contact> performSearch(String lastName) {
    return Database.query('SELECT Id, FirstName, LastName FROM Contact WHERE LastName Like \'%' + lastName + '%\'');
}

What are two ways the developer can update the method to prevent a SOQL injection attack?

Choose 2 answers

Suggested Answer: D
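As an added illustration (not part of the exam question, the suggested answer, or any real ContactSearch class), here is the method from the question beside the two hardening techniques the discussion below keeps coming back to: bind variables and String.escapeSingleQuotes(). The class and method names are my own; the query fields match the question.

```apex
// Added example, not code from the exam page or from any real ContactSearch class.
// Class and method names are assumptions; the SELECT list mirrors the question.
//
// Note on "with sharing": it enforces the running user's record-level sharing rules.
// It does not change how the query string is parsed, so on its own it does nothing
// against SOQL injection.
public with sharing class ContactSearchExample {

    // BEFORE (as in the question): the caller's input is concatenated into the query
    // text, so a value containing a single quote can alter the WHERE clause.
    public static List<Contact> performSearchVulnerable(String lastName) {
        return Database.query('SELECT Id, FirstName, LastName FROM Contact ' +
                              'WHERE LastName LIKE \'%' + lastName + '%\'');
    }

    // Fix 1: static SOQL with a bind variable. The value is handed to the query
    // engine as data and is never parsed as part of the query text.
    public static List<Contact> performSearchStaticBind(String lastName) {
        String pattern = '%' + lastName + '%';
        return [SELECT Id, FirstName, LastName FROM Contact WHERE LastName LIKE :pattern];
    }

    // Fix 1b: if the query must stay dynamic, Database.query() also accepts a bind
    // variable that refers to an in-scope local, so no concatenation is needed.
    public static List<Contact> performSearchDynamicBind(String lastName) {
        String pattern = '%' + lastName + '%';
        return Database.query('SELECT Id, FirstName, LastName FROM Contact ' +
                              'WHERE LastName LIKE :pattern');
    }

    // Fix 2: String.escapeSingleQuotes() prefixes every single quote in the input
    // with a backslash, so the input cannot close the string literal it sits in.
    // Binding is the preferred fix; use escaping only where the query text itself
    // has to be assembled piece by piece.
    public static List<Contact> performSearchEscaped(String lastName) {
        String safe = String.escapeSingleQuotes(lastName);
        return Database.query('SELECT Id, FirstName, LastName FROM Contact ' +
                              'WHERE LastName LIKE \'%' + safe + '%\'');
    }

    // Caveat for every variant: '%' and '_' inside lastName are still LIKE wildcards.
    // That is a result-scoping concern rather than injection, but a search that should
    // only match literal characters should reject or strip them before querying.
}
```

A quick check you can run from Execute Anonymous: call each method with a legitimate surname that contains an apostrophe, such as O'Brien. The concatenating version throws a System.QueryException because the quote ends the string literal early, while the bound and escaped versions return the matching rows. That same parse failure is the symptom a security review should flag as the injection point.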

Contribute your Thoughts:

Theron
30 days ago
Option C? With sharing? What is this, a company meeting? Let's stick to the actual security concerns here, folks.
upvoted 0 times
Ben
1 month ago
Ah, the age-old SOQL injection problem. Option A is the clear winner here. I'd rather not have my code vulnerable to SQL injections, thank you very much!
upvoted 0 times
Hannah
2 days ago
User 3: Using variable binding is a must for preventing SOQL injection.
upvoted 0 times
Farrah
7 days ago
User 2: Absolutely, we can't risk leaving our code vulnerable.
upvoted 0 times
Alesia
17 days ago
User 1: I agree, Option A is definitely the way to go.
upvoted 0 times
Cristen
1 month ago
I'm torn between A and D. Regex to remove special characters could work, but variable binding is the industry-accepted best practice. Decisions, decisions...
upvoted 0 times
Vanda
2 months ago
Option B? Really? Escaping single quotes? That's so 2010. Variable binding is the modern, secure way to handle this.
upvoted 0 times
Lon
9 days ago
Yes, using variable binding and replacing the dynamic query with a static SOQL is the recommended approach.
upvoted 0 times
Elizabeth
11 days ago
Variable binding is the modern, secure way to handle this.
upvoted 0 times
Vallie
1 month ago
Option B? Really? Escaping single quotes? That's so 2010.
upvoted 0 times
Nichelle
2 months ago
Option A is the way to go! Variable binding is the standard practice for preventing SOQL injection attacks. No need to mess around with sanitizing input or using regex.
upvoted 0 times
Laquita
15 days ago
User 3: It's important to follow best practices like using static SOQL to protect against security threats.
upvoted 0 times
Cheryl
1 month ago
User 2: Definitely, using variable binding is the most secure way to handle dynamic queries.
upvoted 0 times
Jame
1 month ago
User 1: I agree, option A is the best choice for preventing SOQL injection attacks.
upvoted 0 times
Stephaine
2 months ago
I also think using the escapeSingleQuotes method is important to sanitize the parameter.
upvoted 0 times
Lashandra
2 months ago
I agree with Levi. Using static SOQL instead of dynamic queries is a good security practice.
upvoted 0 times
Levi
2 months ago
I think the developer should use variable binding to prevent SOQL injection.
upvoted 0 times
