Is ROQL injection possible with single quote?
I am calling: this rest endpoint. We are sending in the following query (url encoded). "email" is sent from users, so potentially dangerous.
WHERE Contacts.Emails.Address = '`+email+`' LIMIT 1
Do I need to ensure that email is escaped? I.E we are currently allowing user to input a single quote, could this be used maliciously to achieve ROQL injection?