Package org.geotools.jdbc
Class EscapeSql
- Object
  - EscapeSql
public class EscapeSql extends Object
Performs basic SQL validation on an input string. This allows safe encoding of parameters that must contain quotes, while still protecting users from SQL injection. We prevent SQL from breaking out of quotes by replacing each quote in the input with a doubled quote. Backslashes are too risky to allow, so they are removed completely.
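The rule described above, as an added stand-alone example; this is not the GeoTools source, and the class and method names are hypothetical. It goes slightly beyond the description by modelling, as an assumption, a dialect that treats a backslash as an escape character, to show why doubling quotes without removing backslashes would not keep the value inside its literal.

```java
// Added illustration; not the GeoTools source. All names here are hypothetical.
public class EscapeSketch {

    // The rule as described: double each ' and ", drop every backslash.
    static String escape(String s) {
        return s.replace("'", "''").replace("\"", "\"\"").replace("\\", "");
    }

    // Quote doubling only, backslashes kept: the variant the description rules out.
    static String doubleQuotesOnly(String s) {
        return s.replace("'", "''").replace("\"", "\"\"");
    }

    // Index just past the closing quote of the '...' literal that starts at sql[0],
    // or -1 if it never closes. With backslashEscapes=true a backslash consumes the
    // next character (assumed model of a backslash-escaping dialect).
    static int literalEnd(String sql, boolean backslashEscapes) {
        for (int i = 1; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (backslashEscapes && c == '\\') { i++; continue; }
            if (c == '\'') {
                // A doubled quote is an escaped quote inside the literal.
                if (i + 1 < sql.length() && sql.charAt(i + 1) == '\'') { i++; continue; }
                return i + 1;
            }
        }
        return -1;
    }

    // True when the quoted value forms exactly one literal with nothing left over.
    static boolean staysInsideLiteral(String escaped, boolean backslashEscapes) {
        String sql = "'" + escaped + "'";
        return literalEnd(sql, backslashEscapes) == sql.length();
    }

    public static void main(String[] args) {
        String[] samples = { "O'Reilly", "say \"hi\"", "x\\' tail" }; // constructed inputs
        for (String in : samples) {
            String out = escape(in);
            System.out.printf("%-10s -> %-12s standard=%b backslash=%b | quotes-only, backslash=%b%n",
                in, out,
                staysInsideLiteral(out, false),
                staysInsideLiteral(out, true),
                staysInsideLiteral(doubleQuotesOnly(in), true));
        }
    }
}
```

For the third sample, the quotes-only variant closes the literal early under the backslash-escaping model, while the full rule keeps the value inside the literal under both models.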
Constructor Summary
- EscapeSql()
Method Summary
- static String escapeLiteral(String literal, boolean escapeBackslash, boolean escapeDoubleQuote)
- static String escapeSql(String str)