com.google.maps.clients.mapsengine.Security Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of mapsengine-api-java-wrapper Show documentation
Show all versions of mapsengine-api-java-wrapper Show documentation
Provides some extra sugar for the machine-generated Java library for Google Maps Engine. https://developers.google.com/api-client-library/java/apis/mapsengine/v1
package com.google.maps.clients.mapsengine;
import java.util.regex.Matcher;
/**
* Provides some security tools for manipulating data in Maps Engine.
*
* @author [email protected] (Mark McDonald)
*/
public class Security {
private Security() {}
/**
* Escapes any internal quotes and ensures the parameter is correctly (single)
* quoted. This is intended for use in string components of ‘where’ clauses,
* where user input is untrusted and potentially harmful. This is not meant
* for use in quoting column names or aliases in ‘select’ clauses, where
* quoting is different.
*
* {@code FeaturesListResponse response = engine.tables().features().list(TABLE_ID)
* .setWhere(String.format("mycolumn = %s", Security.escapeAndQuoteString(userInput)));
* }
*
* @param in A string to escape
* @return If null input, then null output. Otherwise a quoted, escaped version of the input.
*/
public static String escapeAndQuoteString(String in) {
if (in == null) {
return null;
}
String out = in
.replaceAll("\\\\", Matcher.quoteReplacement("\\\\"))
.replaceAll("'", Matcher.quoteReplacement("\\'"));
return "'" + out + "'";
}
}