FAQ-001573 - SOQL Security and User Mode Implementation / SOQL Injection and Dynamic Queries

Using `WITH USER_MODE` in a dynamic SOQL query doesn't fully mitigate all SOQL injection risks. While it enforces CRUD/FLS checks, it doesn't sanitize user input or prevent malicious input from being injected into the query. To mitigate SOQL injection risks, you should: - Use bind variables. - Sanitize user input with methods like `String.escapeSingleQuotes()`. Combining these practices with `WITH USER_MODE` ensures a more secure implementation.

The FAQ content is technically accurate and well-structured. I made minimal changes to improve readability and flow: 1. Changed "does not" to "doesn't" for a more conversational tone per the brand guidelines 2. Removed "While it enforces CRUD/FLS checks" from being a standalone sentence to improve flow 3. These minor adjustments make the text more conversational and easier to scan while preserving all original information and structure Regarding the related security rule selection: I selected ApexSOQLInjection because this FAQ directly addresses SOQL injection risks and mitigation strategies. The FAQ specifically discusses: - Dynamic SOQL queries and their injection vulnerabilities - The limitations of `WITH USER_MODE` for preventing injection - Specific mitigation techniques like bind variables and `String.escapeSingleQuotes()` - The need to combine multiple security practices This aligns perfectly with the ApexSOQLInjection rule's purpose of detecting and preventing SOQL injection vulnerabilities in Apex code.