Class EscapeSql


  • public class EscapeSql
    extends Object
    Perform basic SQL escaping on an input string. This allows safe encoding of parameters that must contain quotes, while still protecting users from SQL injection.

    We prevent SQL from breaking out of a quoted literal by doubling each single quote in the input (' becomes ''), which the SQL parser reads as a literal quote character rather than the end of the string. Backslashes are too risky to allow, because some dialects treat a backslash inside a literal as an escape for the following character, so they are removed completely. Note that this protects only a value that is placed inside a single-quoted string literal; values used elsewhere in a statement (identifiers, numbers, LIMIT clauses) are not made safe by quote doubling, and a parameterized query (PreparedStatement) remains the preferred approach where one is available.

    • Constructor Summary

      Constructors 
      Constructor Description
      EscapeSql()  
    • Method Summary

      Modifier and Type Method Description
      static String escapeLiteral(String literal, boolean escapeBackslash, boolean escapeDoubleQuote)  
      static String escapeSql(String str)  
      • Methods inherited from class Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • EscapeSql

        public EscapeSql()
    • Method Detail

      • escapeLiteral

        public static String escapeLiteral(String literal,
                                           boolean escapeBackslash,
                                           boolean escapeDoubleQuote)
      • escapeSql

        public static String escapeSql(String str)
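The two rules in the class description above (double each single quote, drop each backslash) are easiest to understand by watching what a SQL parser does with the result. The following is an added, stand-alone illustration written for this page; it is not the project's EscapeSql code, and the method names escapeLike, codeAfterLiteral and buildQuery, as well as the three sample inputs, are assumptions made for the example. codeAfterLiteral is a deliberately minimal model of a parser: it reads the first quoted literal in a statement and returns whatever text follows its closing quote, so an empty result means the user-controlled value stayed inside the literal and anything else is text that would execute as SQL.

```java
import java.util.Arrays;
import java.util.List;

/*
 * Added illustration for this page: reimplements the two rules from the
 * class description (double each single quote, drop each backslash) and
 * models how a SQL parser reads the resulting literal. This is not the
 * project's EscapeSql code; escapeLike, codeAfterLiteral, buildQuery and
 * the sample inputs are assumptions made for the example.
 */
public class EscapeSqlDemo {

    /** ' becomes ''; backslashes are dropped when stripBackslash is true. */
    static String escapeLike(String s, boolean stripBackslash) {
        StringBuilder out = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\'') {
                out.append("''");
            } else if (c == '\\' && stripBackslash) {
                // removed entirely: in dialects where \ escapes the next
                // character, \'' would read as \' followed by a closing quote
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Minimal model of a SQL parser reading the first quoted literal in sql.
     * Returns the text after the literal's closing quote: an empty string
     * means the user-controlled value stayed inside the literal, anything
     * else is text the parser would execute as SQL. backslashEscapes=true
     * models MySQL-style literals (\' does not close the string); false
     * models ANSI SQL, where only '' is an escaped quote.
     */
    static String codeAfterLiteral(String sql, boolean backslashEscapes) {
        int i = sql.indexOf('\'');
        if (i < 0) {
            return sql;
        }
        for (i++; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (backslashEscapes && c == '\\') {
                i++;                                // escaped char: still inside
            } else if (c == '\'') {
                if (i + 1 < sql.length() && sql.charAt(i + 1) == '\'') {
                    i++;                            // '' is a quote inside the literal
                } else {
                    return sql.substring(i + 1);    // literal closed here
                }
            }
        }
        return "<unterminated literal: statement does not parse>";
    }

    /** Builds the statement the way a caller of the escape routine would. */
    static String buildQuery(String userInput, boolean stripBackslash) {
        return "SELECT * FROM users WHERE name = '"
                + escapeLike(userInput, stripBackslash) + "'";
    }

    public static void main(String[] args) {
        // Constructed inputs: a legitimate name containing a quote, a classic
        // quote break-out, and a backslash-prefixed quote aimed at dialects
        // that treat \ as an escape inside literals.
        List<String> inputs = Arrays.asList("O'Brien", "' OR 1=1 --", "\\' OR 1=1 --");
        for (String in : inputs) {
            for (boolean strip : new boolean[] {false, true}) {
                String sql = buildQuery(in, strip);
                System.out.printf("%-14s stripBackslash=%-5b ansi=[%s] mysql=[%s]%n",
                        in, strip,
                        codeAfterLiteral(sql, false), codeAfterLiteral(sql, true));
            }
        }
    }
}
```

Running it shows why both rules are needed: quote doubling alone keeps O'Brien and the plain break-out inside the literal under both parser models, but the backslash-prefixed input with stripBackslash=false still leaks " OR 1=1 --'" out of the literal under the backslash-escaping model, because \' is consumed as an escaped quote and the second quote of the doubled pair then closes the string. Only with the backslash removed does every input stay inside the literal in both models. This is also the reason the escaping is dialect-sensitive and a PreparedStatement, which never splices the value into the statement text, is the safer default.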