What are the recommended alternatives to dynamic SOQL queries for @AuraEnabled methods?
Answer
For @AuraEnabled methods, the recommended alternatives to dynamic SOQL queries are:
1. **Static SOQL Queries with Bind Variables**: Use static queries and bind variables to safely include user input, ensuring it is sanitized and preventing SOQL injection.
2. **Use `sObjectType` or `sObjectFields`**: Construct queries using these instead of strings to avoid injection risks and enable proper CRUD/FLS checks.
3. **Sanitize Parameters**: Ensure all parameters passed to database operations are sanitized.
4. **Implement CRUD/FLS Checks**: Validate user permissions to access objects and fields.
These practices enhance security and prevent vulnerabilities in your @AuraEnabled methods.
What are the recommended alternatives to dynamic SOQL queries for @AuraEnabled methods?
Recommended Answer Update
For @AuraEnabled methods, the recommended alternatives to dynamic SOQL queries are:
1. **Static SOQL Queries with Bind Variables**: Use static queries and bind variables to safely include user input, ensuring it is sanitized and preventing SOQL injection.
2. **Use `sObjectType` or `sObjectFields`**: Construct queries using these instead of strings to avoid injection risks and enable proper CRUD/FLS checks.
3. **Sanitize Parameters**: Ensure all parameters passed to database operations are sanitized.
4. **Implement CRUD/FLS Checks**: Validate user permissions to access objects and fields using modern approaches like `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods, which automatically enforce permissions with less code.
These practices enhance security and prevent vulnerabilities in your @AuraEnabled methods.
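The following Apex class is an added example written for this FAQ; it is not code from the original answer or from Salesforce. It assumes the standard Account object with the fields Name, Industry and Phone, and a hypothetical controller name AccountSearchController. It shows the four recommendations together: a static query with a bind variable and `WITH USER_MODE`, a dynamic query whose only variable parts are a field list validated against the Schema describe map and a bind map passed to `Database.queryWithBinds` with `AccessLevel.USER_MODE`, and a DML call in user mode. The describe-map check matters because bind variables can only carry values, never field or object names, so any caller-chosen field has to be validated before it is placed in a query string.

```apex
// Added example, not from the original FAQ. Hypothetical controller; assumes the
// standard Account object with the fields Name, Industry and Phone.
public with sharing class AccountSearchController {

    // Field API names a caller may request. Checked against the describe map below,
    // because bind variables cannot parameterize field or object names.
    private static final Set<String> ALLOWED_FIELDS =
        new Set<String>{ 'Name', 'Industry', 'Phone' };

    // 1. Static SOQL with a bind variable: namePart is bound, never concatenated,
    //    so a quote inside it is data, not SOQL syntax. (% and _ in namePart act as
    //    LIKE wildcards, which widens the match but cannot alter the query.)
    // 4. WITH USER_MODE enforces object/field permissions and sharing for the
    //    running user; a field the user cannot read raises a QueryException.
    @AuraEnabled(cacheable=true)
    public static List<Account> findByName(String namePart) {
        String pattern = '%' + namePart + '%';
        return [
            SELECT Id, Name, Industry
            FROM Account
            WHERE Name LIKE :pattern
            WITH USER_MODE
            ORDER BY Name
            LIMIT 50
        ];
    }

    // 2 + 3. Dynamic query whose only variable parts are a validated field list and
    //    a bind map. Each requested field is resolved through Schema describe and
    //    the allowlist, so an unknown or disallowed name is rejected before any
    //    query string is built; the value filter is bound, not concatenated.
    // 4. Database.queryWithBinds runs in USER_MODE, enforcing CRUD/FLS.
    @AuraEnabled(cacheable=true)
    public static List<Account> findWithFields(String namePart, List<String> fieldNames) {
        Map<String, Schema.SObjectField> describedFields =
            Schema.SObjectType.Account.fields.getMap();
        List<String> safeFields = new List<String>();
        for (String requested : fieldNames) {
            // Describe map keys are lower-case API names.
            Schema.SObjectField token = describedFields.get(requested.toLowerCase());
            if (token == null) {
                throw new AuraHandledException('Unknown field: ' + requested);
            }
            String apiName = token.getDescribe().getName();
            if (!ALLOWED_FIELDS.contains(apiName)) {
                throw new AuraHandledException('Field not permitted: ' + requested);
            }
            // Use the canonical API name from describe, never the caller's string.
            safeFields.add(apiName);
        }
        if (safeFields.isEmpty()) {
            safeFields.add('Name');
        }
        String soql = 'SELECT Id, ' + String.join(safeFields, ', ')
            + ' FROM Account WHERE Name LIKE :pattern LIMIT 50';
        Map<String, Object> binds = new Map<String, Object>{
            'pattern' => '%' + namePart + '%'
        };
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }

    // 4. DML in user mode: the insert fails if the running user lacks create
    //    permission on Account or on any field being set.
    @AuraEnabled
    public static Id createAccount(String name, String phone) {
        Account acct = new Account(Name = name, Phone = phone);
        Database.insert(acct, AccessLevel.USER_MODE);
        return acct.Id;
    }
}
```

From a Lightning component, `findWithFields` would be called with a short list such as `['Name', 'Phone']`; a request for a field outside the allowlist fails with the handled exception rather than reaching the query, and a user without read access to a listed field gets a `QueryException` from the user-mode query rather than silently seeing data they are not permitted to read.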
Reasoning
The FAQ content is accurate and well-structured but needed minor improvements to align with modern security practices. I enhanced point 4 to prioritize modern permission enforcement approaches (`WITH USER_MODE` and `AccessLevel.USER_MODE`) while preserving the original structure and information. This follows the security approaches guidelines which recommend leading with modern features over legacy approaches. I selected ApexSOQLInjection because the FAQ directly addresses preventing SOQL injection vulnerabilities through static queries and parameter sanitization; this rule detects exactly the security risks this FAQ is helping developers avoid. I selected ApexCRUDViolation because the FAQ explicitly mentions implementing CRUD/FLS checks to validate user permissions, and this rule identifies when these security checks are missing from Apex code that accesses Salesforce data.