com.vaadin.data.util.sqlcontainer
Class SQLUtil
java.lang.Object
com.vaadin.data.util.sqlcontainer.SQLUtil
- All Implemented Interfaces:
- Serializable
public class SQLUtil
- extends Object
- implements Serializable
- See Also:
- Serialized Form
Method Summary
static String escapeSQL(String constant)
Escapes different special characters in strings that are passed to SQL.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SQLUtil
public SQLUtil()
escapeSQL
public static String escapeSQL(String constant)
- Escapes different special characters in strings that are passed to SQL.
Replaces the following:
- ' is replaced with ''
- \x00 is removed
- \ is replaced with \\
- " is replaced with \"
- \x1a is removed
Also note! The escaping done here may or may not be enough to prevent any and all SQL injections, so it is recommended to check user input before giving it to the SQLContainer/TableQuery.
- Parameters:
- constant
- Returns:
- \\\'\'
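As an added illustration, not Vaadin's own implementation, the five replacements listed above applied in an order that handles the backslash first (so the backslashes inserted for " are not doubled afterwards), beside the bind-parameter approach the note above points toward; the `customers` table, `name` column and `findByName` method are hypothetical. Quote doubling and backslash escaping only protect values placed inside a quoted SQL string literal, which is why the note recommends checking input rather than relying on escaping alone.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Added example (not Vaadin's code): the documented replacement rules. */
public final class EscapeDemo {

    /** Applies the five documented replacements. The backslash is handled
     *  first; otherwise the backslash inserted for " would itself be doubled. */
    public static String escapeLikeSQLUtil(String constant) {
        if (constant == null) {
            return null;
        }
        String s = constant.replace("\\", "\\\\");   // \  -> \\
        s = s.replace("'", "''");                     // '  -> ''
        s = s.replace("\"", "\\\"");                  // "  -> \"
        s = s.replace("\u0000", "");                  // NUL (\x00) removed
        s = s.replace("\u001a", "");                  // SUB (\x1a) removed
        return s;
    }

    /** The safer alternative: bind the value as a parameter instead of
     *  splicing it into the SQL text, so the JDBC driver handles quoting
     *  and no string escaping is needed. Table/column names are hypothetical. */
    public static PreparedStatement findByName(Connection conn, String name)
            throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
                "SELECT * FROM customers WHERE name = ?");
        ps.setString(1, name);
        return ps;
    }

    public static void main(String[] args) {
        // Constructed input covering each documented rule.
        String raw = "O'Brien \"quoted\" back\\slash\u0000\u001a";
        System.out.println(escapeLikeSQLUtil(raw));
    }
}
```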
Copyright © 2000-2011 Vaadin Ltd. All Rights Reserved.