Is it acceptable to apply SOQL injection mitigation, like `escapeSingleQuotes`, to an entire dynamically generated query?
Answer
No, not to the whole query. `escapeSingleQuotes` belongs on the untrusted value, not on the assembled query string: escaping the entire query also escapes the quotes that delimit its legitimate string literals and breaks the query. Even applied to the value alone, it is a mitigation only when the user-supplied input lands inside a quoted string literal in a simple comparison (`WHERE Name = '...'`); it does nothing for input used as a field name, in `ORDER BY` or `LIMIT`, in an unquoted numeric comparison, or for the `%` and `_` wildcards in a `LIKE` pattern. Prefer static SOQL or bind variables (`:var`, or `Database.queryWithBinds`), which keep the value out of the query text altogether, and allow-list any input that has to become part of the query structure. Sole reliance on `escapeSingleQuotes` is not recommended, especially for complex queries or scenarios requiring additional input validation.
Is it acceptable to apply SOQL injection mitigation, like `escapeSingleQuotes`, to an entire dynamically generated query?
Recommended Answer Update
No, not to the whole query. `escapeSingleQuotes` belongs on the untrusted value, not on the assembled query string: escaping the entire query also escapes the quotes that delimit its legitimate string literals and breaks the query. Even applied to the value alone, it is a mitigation only when the user-supplied input lands inside a quoted string literal in a simple comparison (`WHERE Name = '...'`); it does nothing for input used as a field name, in `ORDER BY` or `LIMIT`, in an unquoted numeric comparison, or for the `%` and `_` wildcards in a `LIKE` pattern. Prefer static SOQL or bind variables (`:var`, or `Database.queryWithBinds`), which keep the value out of the query text altogether, and allow-list any input that has to become part of the query structure. Sole reliance on `escapeSingleQuotes` isn't recommended, especially for complex queries or scenarios requiring additional input validation.
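As an added example (not part of the original FAQ), the Apex class below puts the answer side by side in code: the vulnerable concatenation, the mistake of escaping the whole query, the correct but limited use of `escapeSingleQuotes` on the value, the preferred bind-variable forms, and an allow-list for a position where quote escaping cannot help. The class and method names and the `SORTABLE_FIELDS` set are invented for illustration; `Account`, `Name` and `CreatedDate` are standard Salesforce fields, and `Database.queryWithBinds` requires API version 57.0 or later.

```apex
// Added example, not code from the original FAQ. Class/method names are invented.
public with sharing class AccountSearch {

    // VULNERABLE: untrusted input concatenated straight into a string literal.
    // Input  foo' OR Name != '  turns the WHERE clause into  Name = 'foo' OR Name != ''
    public static List<Account> findUnsafe(String userName) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name = \'' + userName + '\'';
        return Database.query(soql);
    }

    // WRONG USE: escaping the whole query also escapes the quotes that delimit the
    // literal, so the text becomes  ... WHERE Name = \'foo\'  which is not valid SOQL
    // and Database.query throws a System.QueryException. This is a bug, not a mitigation.
    public static List<Account> findEscapedWholeQuery(String userName) {
        String soql = String.escapeSingleQuotes(
            'SELECT Id, Name FROM Account WHERE Name = \'' + userName + '\'');
        return Database.query(soql);
    }

    // ACCEPTABLE BUT LIMITED: escape only the untrusted value, and only because it is
    // placed inside a quoted string literal. An injected quote becomes \' and stays
    // part of the compared value instead of closing the literal.
    public static List<Account> findEscapedValue(String userName) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name = \''
            + String.escapeSingleQuotes(userName) + '\'';
        return Database.query(soql);
    }

    // PREFERRED: a bind variable. The value never becomes part of the query text, so
    // there is nothing to escape. Dynamic SOQL resolves :userName from local scope.
    public static List<Account> findWithBind(String userName) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name = :userName';
        return Database.query(soql);
    }

    // Same idea with an explicit bind map (API 57.0+), which also runs the query with
    // the calling user's object- and field-level permissions enforced.
    public static List<Account> findWithBindMap(String userName) {
        Map<String, Object> binds = new Map<String, Object>{ 'userName' => userName };
        return Database.queryWithBinds(
            'SELECT Id, Name FROM Account WHERE Name = :userName',
            binds,
            AccessLevel.USER_MODE);
    }

    // Where escapeSingleQuotes cannot help: a field name in ORDER BY is not a string
    // literal, so quote escaping constrains nothing. Allow-list the value instead.
    private static final Set<String> SORTABLE_FIELDS = new Set<String>{ 'Name', 'CreatedDate' };

    public static List<Account> findSorted(String userName, String sortField) {
        if (!SORTABLE_FIELDS.contains(sortField)) {
            throw new IllegalArgumentException('Unsupported sort field: ' + sortField);
        }
        String soql = 'SELECT Id, Name FROM Account WHERE Name = :userName ORDER BY ' + sortField;
        return Database.query(soql);
    }
}
```

The ordering of the methods is the decision sequence a reviewer applies: if the value can be a bind variable, bind it; if it must be spliced into a quoted literal, escape it and accept that `LIKE` wildcards are still unescaped; if it must become part of the query structure, allow-list it. Escaping the assembled query string is never one of the options.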
Reasoning
The current answer contains a minor wording inconsistency that could create confusion. The phrase 'is not recommended' could be interpreted as making the technique sound more problematic than intended, while the context clearly shows it's about 'sole reliance' being the issue. Changed 'is not recommended' to 'isn't recommended' to maintain the conversational tone established elsewhere in the answer and create better flow. This minor adjustment improves clarity without changing the technical content or security guidance. The ApexSOQLInjection rule is directly relevant because this FAQ specifically addresses SOQL injection mitigation techniques. The FAQ content discusses 'SOQL injection mitigation' and 'escapeSingleQuotes' as a sanitization method for 'dynamically generated query', which directly corresponds to the ApexSOQLInjection rule's purpose of detecting and preventing SOQL injection vulnerabilities in Apex code.