By using the String.escapeSingleQuotes() method we can handle single quotes in a user-supplied string before concatenating it into a dynamic SOQL query, so the input cannot break out of the string literal and inject query text, as shown below.
Eg:
==
// searchString is user input; escaping its single quotes keeps it inside the LIKE literal
String squery = 'select id,name,Project_Number__c,Description__c,Project_Manager__c,Project_Director__c,Project_Manager__r.name,Project_Director__r.name '
    + 'from Milestone1_Project__c '
    + 'where ((name like \'' + String.escapeSingleQuotes(searchString) + '%\' '
    + 'OR Project_Number__c like \'' + String.escapeSingleQuotes(searchString) + '%\'))';
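To show the difference the escaping makes, here is an added Apex example (not the post's own code) that puts the unsafe concatenation, the escaped version from the post, and a bind-variable version side by side; it assumes the Milestone1_Project__c object and fields named above exist in the org.

```apex
public with sharing class ProjectSearch {
    // Unsafe: searchString is pasted straight into the SOQL text. A single
    // quote in the input ends the LIKE literal early and whatever follows is
    // parsed as SOQL, which is the injection the post is guarding against.
    public static List<Milestone1_Project__c> searchUnsafe(String searchString) {
        String squery = 'SELECT Id, Name, Project_Number__c FROM Milestone1_Project__c '
            + 'WHERE Name LIKE \'' + searchString + '%\'';
        return Database.query(squery);
    }

    // Escaped: String.escapeSingleQuotes() prefixes every ' in the input with
    // a backslash, so the input can only ever be a value inside the quotes.
    public static List<Milestone1_Project__c> searchEscaped(String searchString) {
        String safe = String.escapeSingleQuotes(searchString);
        String squery = 'SELECT Id, Name, Project_Number__c FROM Milestone1_Project__c '
            + 'WHERE (Name LIKE \'' + safe + '%\' OR Project_Number__c LIKE \'' + safe + '%\')';
        return Database.query(squery);
    }

    // Preferred: a bind variable. The value never becomes part of the query
    // text, so there is nothing to escape and nothing to get wrong.
    public static List<Milestone1_Project__c> searchBound(String searchString) {
        String pattern = searchString + '%';
        String squery = 'SELECT Id, Name, Project_Number__c FROM Milestone1_Project__c '
            + 'WHERE (Name LIKE :pattern OR Project_Number__c LIKE :pattern)';
        return Database.query(squery);
    }
}
```

Note that escapeSingleQuotes() only escapes quotes: the LIKE wildcards % and _ pass through untouched, so if callers should not be able to widen the match, strip or escape those characters separately before building the pattern.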