• Home
• com.vaadin
• vaadin-server
• 7.7.44
• source code
• SQLUtil.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.vaadin.data.util.sqlcontainer.SQLUtil Maven / Gradle / Ivy

/*
 * Vaadin Framework 7
 *
 * Copyright (C) 2000-2024 Vaadin Ltd
 *
 * This program is available under Vaadin Commercial License and Service Terms.
 *
 * See  for the full
 * license.
 */
package com.vaadin.data.util.sqlcontainer;

import java.io.Serializable;

public class SQLUtil implements Serializable {
    /**
     * Escapes different special characters in strings that are passed to SQL.
     * Replaces the following:
     *
     * 
     * 
' is replaced with ''
     * 
\x00 is removed
     * 
\ is replaced with \\
     * 
" is replaced with \"
     * 
\x1a is removed
 
     *
     * Also note! The escaping done here may or may not be enough to prevent any
     * and all SQL injections so it is recommended to check user input before
     * giving it to the SQLContainer/TableQuery.
     *
     * @param constant
     * @return \\\'\'
     */
    public static String escapeSQL(String constant) {
        if (constant == null) {
            return null;
        }
        String fixedConstant = constant;
        fixedConstant = fixedConstant.replaceAll("\\\\x00", "");
        fixedConstant = fixedConstant.replaceAll("\\\\x1a", "");
        fixedConstant = fixedConstant.replaceAll("'", "''");
        fixedConstant = fixedConstant.replaceAll("\\\\", "\\\\\\\\");
        fixedConstant = fixedConstant.replaceAll("\\\"", "\\\\\"");
        return fixedConstant;
    }
}