com.vaadin.data.util.sqlcontainer
Class SQLUtil

java.lang.Object
  extended by com.vaadin.data.util.sqlcontainer.SQLUtil
All Implemented Interfaces:
Serializable

public class SQLUtil
extends Object
implements Serializable

See Also:
Serialized Form

Constructor Summary
SQLUtil()
           
 
Method Summary
static String escapeSQL(String constant)
          Escapes different special characters in strings that are passed to SQL.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SQLUtil

public SQLUtil()
Method Detail

escapeSQL

public static String escapeSQL(String constant)
Escapes different special characters in strings that are passed to SQL. Replaces the following:
  • ' is replaced with ''
  • \x00 is removed
  • \ is replaced with \\
  • " is replaced with \"
  • \x1a is removed

Also note! The escaping done here may or may not be enough to prevent any and all SQL injections, so it is recommended to check user input before giving it to the SQLContainer/TableQuery. In particular, these replacements only protect a value that is placed inside a quoted string literal; they do nothing for input that ends up as an identifier, keyword or number (for example a column name in an ORDER BY clause), because such input need not contain any of the characters above. The backslash rules follow the MySQL convention; in standard SQL a backslash is an ordinary character, so on databases that follow the standard the doubled backslash becomes part of the stored value. Where possible, bind user-supplied values as parameters of a PreparedStatement rather than relying on escaping.

    Parameters:
    constant - the string to escape
    Returns:
    the escaped string
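The class below is an added example and not Vaadin's code: it re-implements the five replacement rules listed above in a stand-alone class (the names EscapeSqlDemo, escapeLikeSqlUtil, escapeWrongOrder, buildQuotedQuery, buildOrderByQuery and countByName, the users table, and the order in which the replacements are applied are all assumptions made for this illustration) and then shows three things the list alone does not: that the replacement order matters, that a quote-based payload stays inside the literal after escaping, and that the same escaping leaves a payload in an unquoted ORDER BY position untouched. The countByName method shows the PreparedStatement alternative and needs a JDBC Connection to run; everything else runs without a database.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Added illustration of the documented SQLUtil.escapeSQL rules.
 * NOT Vaadin's implementation; names and replacement order are assumptions.
 */
public class EscapeSqlDemo {

    /**
     * Applies the five documented replacements. Backslash doubling is done
     * before the quote rules so that the backslash introduced by " -> \"
     * is not doubled again afterwards. (Assumption: null is passed through.)
     */
    static String escapeLikeSqlUtil(String constant) {
        if (constant == null) {
            return null;
        }
        String s = constant;
        s = s.replace("\u0000", "");     // \x00 (NUL) is removed
        s = s.replace("\u001a", "");     // \x1a (SUB) is removed
        s = s.replace("\\", "\\\\");     // \  is replaced with \\
        s = s.replace("'", "''");        // '  is replaced with ''
        s = s.replace("\"", "\\\"");     // "  is replaced with \"
        return s;
    }

    /**
     * The same rules with the backslash rule applied last. The backslash that
     * the " -> \" rule inserts is then doubled too, so the output differs.
     */
    static String escapeWrongOrder(String constant) {
        String s = constant;
        s = s.replace("'", "''");
        s = s.replace("\"", "\\\"");
        s = s.replace("\\", "\\\\");
        return s;
    }

    /** Quoted-literal position: escaping keeps the value inside the literal. */
    static String buildQuotedQuery(String userName) {
        return "SELECT * FROM users WHERE name = '" + escapeLikeSqlUtil(userName) + "'";
    }

    /**
     * Identifier position: escaping cannot help here, because a payload such
     * as "name; DROP TABLE users" contains no quote, backslash, NUL or SUB.
     */
    static String buildOrderByQuery(String userColumn) {
        return "SELECT * FROM users ORDER BY " + escapeLikeSqlUtil(userColumn);
    }

    /** What escaping stands in for: let the JDBC driver bind the value. */
    static int countByName(Connection conn, String userName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT COUNT(*) FROM users WHERE name = ?")) {
            ps.setString(1, userName);   // the value never becomes SQL text
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs for the demonstration.
        String quoteAttack = "x' OR '1'='1";
        System.out.println(buildQuotedQuery(quoteAttack));
        // SELECT * FROM users WHERE name = 'x'' OR ''1''=''1'   (one literal, no injection)

        String mixed = "a\\\"b";                         // the four characters  a \ " b
        System.out.println(escapeLikeSqlUtil(mixed));    // a\\\"b
        System.out.println(escapeWrongOrder(mixed));     // a\\\\"b  (extra doubling)

        String orderByAttack = "name; DROP TABLE users";
        System.out.println(buildOrderByQuery(orderByAttack));
        // SELECT * FROM users ORDER BY name; DROP TABLE users   (escaping changed nothing)
    }
}
```

The ORDER BY case is the one the "may or may not be enough" warning is about: the escaping is only meaningful for text that the query places between single quotes, so any user input that reaches another part of the statement has to be validated against an allow-list (for example, the set of real column names) or, for values, bound with a PreparedStatement as in countByName.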


    Copyright © 2000-2011 Vaadin Ltd. All Rights Reserved.