Which statement is true regarding the use of user input as part of a dynamic SOQL query?
A. Free text input should not be allowed, to avoid SOQL injection
B. The String.format() method should be used to prevent injection
C. Quotes should be escaped to protect against SOQL injection
D. The string should be URL encoded by the input form to prevent errors
Suggested answer: C