What is the correct way to handle special characters in SOSL queries to prevent injection?
Answer
To handle special characters in SOSL queries and prevent injection, the best approach is to use bind variables. A bind variable passes the user-supplied search term to the platform as a value, so its contents cannot change the structure of the query. If bind variables aren't an option, you can use the `String.escapeSingleQuotes()` method to sanitize the input: it adds an escape character before each single quote, so the quotes are treated as part of the search string rather than as query syntax.
Recommended Answer Update
To handle special characters in SOSL queries and prevent injection, the best approach is to use bind variables. A bind variable passes the user-supplied search term to the platform as a value, so its contents cannot change the structure of the query. If bind variables aren't an option, you can use the `String.escapeSingleQuotes()` method to sanitize the input: it adds an escape character before each single quote, so they're treated as part of the search string rather than as query syntax.
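The two approaches from the answer above, shown side by side with the unsafe pattern they replace. This is an added illustration, not code from the original FAQ; the class name, the `Contact` object and the returned fields are assumptions.

```apex
// Added example (not part of the original FAQ). Shows the unsafe concatenation
// pattern next to the two mitigations the answer recommends. Class name,
// object and field list are assumptions chosen for the illustration.
public with sharing class ContactSearch {

    // Unsafe: the user-supplied term is concatenated straight into the SOSL
    // string. A term that contains a single quote closes the FIND literal, so
    // the remainder of the input is parsed as query syntax, not as search text.
    public static List<List<SObject>> searchUnsafe(String userInput) {
        String sosl = 'FIND \'' + userInput + '\' IN ALL FIELDS RETURNING Contact(Id, Name)';
        return Search.query(sosl);
    }

    // Preferred: static SOSL with a bind variable. The platform receives the
    // term as a value, so quotes inside it can never alter the query structure.
    public static List<List<SObject>> searchWithBind(String userInput) {
        return [FIND :userInput IN ALL FIELDS RETURNING Contact(Id, Name)];
    }

    // Fallback for dynamic SOSL: escape single quotes so the term stays inside
    // the string literal. Only the quote delimiter is neutralised; SOSL's own
    // search operators and wildcards in the term still keep their search meaning.
    public static List<List<SObject>> searchEscaped(String userInput) {
        String safeTerm = String.escapeSingleQuotes(userInput);
        String sosl = 'FIND \'' + safeTerm + '\' IN ALL FIELDS RETURNING Contact(Id, Name)';
        return Search.query(sosl);
    }
}
```

`searchUnsafe` is the pattern a SOQL/SOSL injection rule flags; `searchWithBind` is the drop-in replacement whenever the query shape is known at compile time.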
Reasoning
The current FAQ content is technically accurate and well structured. The main issue is that the question asks specifically about SOSL queries, while the answer mentions both SOSL and SOQL injection prevention techniques without clearly distinguishing between them. Since SOSL and SOQL share the same prevention approaches (bind variables and String.escapeSingleQuotes()), the advice remains correct and applicable. The recommended answer update keeps all of the original technical content and security guidance while keeping the response focused on SOSL, as the question asks. The ApexSOQLInjection rule is selected because it directly relates to the SOQL/SOSL injection prevention techniques discussed in the FAQ. Although the rule name mentions only 'SOQL', PMD's ApexSOQLInjection rule covers both SOQL and SOSL injection vulnerabilities, since both are Salesforce query languages that are exposed to the same class of injection attacks. The FAQ's guidance on using bind variables and String.escapeSingleQuotes() to prevent injection corresponds directly to the security concerns this rule is designed to detect.