EscapeSql

public class EscapeSql extends Object

Perform basic SQL validation on input string. This is to allow safe encoding of parameters that must contain quotes, while still protecting users from SQL injection.

We prevent SQL from breaking out of quotes by replacing any quotes in input stream with double quotes. Backslashes are too risky to allow so are removed completely

Constructor Summary

Constructors

Constructor

Description

EscapeSql()
Method Summary

Modifier and Type

Method

Description

static String

escapeLiteral(String literal, boolean escapeBackslash, boolean escapeDoubleQuote)

static String

escapeSql(String str)

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- EscapeSql
  
  public EscapeSql()
Method Details
- escapeLiteral
  
  public static String escapeLiteral(String literal, boolean escapeBackslash, boolean escapeDoubleQuote)
- escapeSql
  
  public static String escapeSql(String str)

Class EscapeSql

Constructor Summary

Method Summary

Methods inherited from class Object

Constructor Details

EscapeSql

Method Details

escapeLiteral

escapeSql