Friday, 28 April 2017

jQuery Validation in Visualforce Pages


Here I'm going to explain how we can use jQuery in Visualforce pages. The scenario is very simple: the user has to enter a name in the Account Name field. If the account name is less than 2 characters long, a warning message is shown to the user.

What's the use of this post?
This post shows how to embed jQuery in Visualforce pages. Use this logic according to your requirement.

For example: if a user is filling in a form (maybe on a website) and you have to validate the information at that time, you can easily achieve it using this logic. Because this check runs in the browser, the same rule should also be enforced on the server.

<apex:page standardcontroller="Account" showHeader="false" standardStylesheets="false">
<apex:stylesheet value="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"/>
<apex:includeScript value="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" />
<apex:includeScript value="https://ajax.microsoft.com/ajax/jquery.validate/1.6/jquery.validate.min.js"/>
<apex:includeScript value="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"/>
<!-- jQuery logic starts here -->
<script type="text/javascript">
    // Release the $ alias in case another library uses it, then point it back at jQuery
    $ = jQuery.noConflict();
    $(document).ready(function() {
        // Visualforce prefixes component ids, so match on the id suffix
        $('[id$=Form]').validate();
        $('[id$=name]').rules("add",{
            required: true,
            minlength:2,
            messages:{
                required:"<br/>Required input",
                minlength: jQuery.validator.format("<br/><label style='color:red'>Please, at least 2 characters are necessary</label>")
            }
        });
    });
</script>
<apex:form id="Form" >
<apex:outputlabel for="name">Account Name
<span class="star">*</span>
</apex:outputlabel>
<apex:inputtext id="name" value="{!account.name}" required="true"/>
<apex:commandButton value="Save" action="{!save}" />
</apex:form>
</apex:page>

I hope you enjoy this post. Have a great day.

Friday, 21 April 2017

                                     SOQL Injection


SOQL injection is a breach of our application security that is dangerous for our valuable data. It happens when preventive measures are not taken into consideration while writing the SOQL queries used by our operations.

Let's see the example below. I created a string variable, searchstring, and used it in the LIKE clause of the query. This search string gets its input from the data entered by the user in the text box on the Visualforce page. The search string is concatenated into the query string, which is then passed to the Database.query() method.
------------------------------------------------------------------------------------------------------------------

 <apex:page standardController="account" extensions="accsearchcontroller">
    <apex:form >
        <apex:inputText value="{!searchstring}" label="Input"/>
        <apex:commandButton value="Search records" action="{!search}"/>
        <apex:commandButton value="Clear records" action="{!clear}"/>
        <apex:pageBlock title="Search Result">
            <apex:pageblockTable value="{!acc}" var="a">
                <apex:column >
                    <apex:outputlink value="https://ap1.salesforce.com/{!a.id}">{!a.Name}</apex:outputlink>
                </apex:column>
                <apex:column value="{!a.id}"/>
            </apex:pageBlockTable>  
        </apex:pageBlock>
    </apex:form>
</apex:page>
 ----------------------------------------------------------------------------------------------------------
 public class accsearchcontroller {
   public list<account> acc {get;set;}
   public string searchstring {get;set;}
   public accsearchcontroller(ApexPages.StandardController controller) {
   }
   public void search(){
     // Vulnerable: the user-controlled searchstring is concatenated directly into the query text
     string searchquery='select name,id from account where name like \'%'+searchstring+'%\' Limit 20';
     acc= Database.query(searchquery);
   }
   public void clear(){
     // acc is null until the first search, so guard before clearing
     if (acc != null) {
       acc.clear();
     }
   }
 }
--------------------------------------------------------------------------------------------------------------
I hope our code is working fine. Now we will start our discussion of SOQL injection.

Suppose the user provides this input: test%.

What will happen? Please try it once!
You get an error. Suddenly your working code shows an error!

So, the next question:

Why does it throw an error? The answer is very simple: the SOQL query does not know how to handle the data injected by the user (interesting!).

Then how do we resolve it?

To prevent a SOQL injection attack, avoid using dynamic SOQL queries. Instead, use static queries and binding variables. The vulnerable example above can be re-written using static SOQL as follows:


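 public class accsearchcontroller {
   public list<account> acc {get;set;}
   public string searchstring {get;set;}

   public accsearchcontroller(ApexPages.StandardController controller) {
   }
   public void search(){
     // Keep the substring match and the row limit of the dynamic version;
     // the user input reaches the query only as the bind variable :searchterm
     string searchterm = '%' + searchstring + '%';
     acc=[select name,id from account where (IsDeleted = false and Name like :searchterm) limit 20];
   }
   public void clear(){
     // acc is null until the first search, so guard before clearing
     if (acc != null) {
       acc.clear();
     }
   }
 }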
---------------------------------------------------------------------------------------------------------

<apex:page standardController="account" extensions="accsearchcontroller">
    <apex:form >
        <apex:inputText value="{!searchstring}" label="Input"/>
        <apex:commandButton value="Search records" action="{!search}"/>
        <apex:commandButton value="Clear records" action="{!clear}"/>
        <apex:pageBlock title="Search Result">
            <apex:pageblockTable value="{!acc}" var="a">
                <apex:column >
                    <apex:outputlink value="https://ap1.salesforce.com/{!a.id}">{!a.Name}</apex:outputlink>
                </apex:column>
                <apex:column value="{!a.id}"/>
            </apex:pageBlockTable>  
        </apex:pageBlock>
    </apex:form>
</apex:page>  
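
When part of the query cannot be written statically, for example a user-selectable sort column, the value can still travel as a bind variable while the identifier comes from an allowlist. The following is an added example that goes beyond the case in the post and is not the original author's code; the class `AccountSearchService`, its methods and the sort keys are hypothetical.

```apex
// Added example (not from the original post). Class, method and key names are hypothetical.
public with sharing class AccountSearchService {

    // Field names cannot be bound, so the only identifiers that ever reach the
    // query text are the values of this fixed map, never the raw user input.
    private static final Map<String, String> SORT_FIELDS = new Map<String, String>{
        'name'    => 'Name',
        'created' => 'CreatedDate'
    };

    public static List<Account> search(String term, String sortKey) {
        // Unknown or missing sort keys fall back to a safe default.
        String orderBy = 'Name';
        if (sortKey != null && SORT_FIELDS.containsKey(sortKey.toLowerCase())) {
            orderBy = SORT_FIELDS.get(sortKey.toLowerCase());
        }

        // The search value is a bind variable: Database.query resolves :likeTerm
        // from the local scope, so quotes in the input cannot change the query.
        String likeTerm = '%' + (term == null ? '' : term) + '%';

        String soql = 'SELECT Id, Name FROM Account'
                    + ' WHERE IsDeleted = false AND Name LIKE :likeTerm'
                    + ' ORDER BY ' + orderBy
                    + ' LIMIT 20';
        return Database.query(soql);
    }

    // Fallback for code that must concatenate a value into the query text:
    // String.escapeSingleQuotes puts a backslash before every single quote,
    // so the value stays inside its string literal.
    public static String likeLiteral(String term) {
        String safe = String.escapeSingleQuotes(term == null ? '' : term);
        return '\'%' + safe + '%\'';
    }
}
```

With the constructed search term O'Brien, `search` matches the apostrophe literally, and `likeLiteral` returns `'%O\'Brien%'`.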

Monday, 17 April 2017

How to find total number of records of each object in salesforce ?

Hi All,

Sometimes we are asked to share the total number of records of each object, and some clients are interested in knowing about the storage space as well.


How to do that?

Salesforce is so smart. You can easily keep track of how many records there are in your organization.

 Login-->Set up-->Data Management-->Storage Usage

For your reference, I have attached a screenshot below.