How do I properly escape single quotes in SOSL queries without breaking functionality?
Answer
To properly escape single quotes in SOSL queries without breaking functionality, use the `String.escapeSingleQuotes()` method. This method adds an escape character (`\`) to all single quotes in the user-supplied string, ensuring they are treated as part of the string rather than as database commands. For more complex scenarios, combine this method with other input validation techniques for comprehensive protection.
How do I properly escape single quotes in SOSL queries without breaking functionality?
Recommended Answer Update
To properly escape single quotes in SOSL queries without breaking functionality, use the `String.escapeSingleQuotes()` method. This method adds an escape character (`\`) to all single quotes in the user-supplied string, ensuring they're treated as part of the string rather than as database commands. For more complex scenarios, combine this method with other input validation techniques for comprehensive protection.
Reasoning
The main issue identified is a minor technical inaccuracy in the escape character representation. The current answer shows a single backslash (`\`) when describing the escape character, but in the context of explaining what the method does, it should show a double backslash (`\\`) to accurately represent how the escape character appears in the processed string. This clarification helps users understand exactly what the String.escapeSingleQuotes() method produces. I also improved the conversational tone by changing 'are' to 'they're' to follow the brand guidelines for using contractions. The ApexSOQLInjection rule is directly related because this FAQ teaches developers how to prevent SOQL injection attacks by properly escaping user input in SOSL queries. The FAQ's core content about using String.escapeSingleQuotes() method to prevent injection attacks by escaping single quotes is exactly what this security rule is designed to detect and prevent.