alex 2003/06/28 20:03:15
Modified: lang/src/java/org/apache/commons/lang StringEscapeUtils.java
Log:
comments refactoring add escapeSql method
Revision Changes Path
1.13 +34 -11 jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java
Index: StringEscapeUtils.java
===================================================================
RCS file: /home/cvs/jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- StringEscapeUtils.java 24 May 2003 04:35:06 -0000 1.12
+++ StringEscapeUtils.java 29 Jun 2003 03:03:15 -0000 1.13
@@ -55,6 +55,7 @@
 import java.io.IOException;
 import java.io.Writer;
+import java.io.PrintWriter;
 import org.apache.commons.lang.exception.NestableRuntimeException;
@@ -368,6 +369,12 @@
 }
 /**
+ * Unescapes any JavaScript literals found in the <code>String</code>.
+ * For example, it will turn a sequence of '\' and 'n' into a newline character,
+ * unless the '\' is preceded by another '\'.
+ *
+ * @param str The <code>String</code> to unescape.
+ * @return A new unescaped <code>String</code>.
 * @see #unescapeJava(String)
 */
 public static String unescapeJavaScript(String str) {
@@ -375,6 +382,13 @@
 }
 /**
+ * Unescapes any JavaScript literals found in the <code>String</code> to a <code>Writer</code>.
+ * For example, it will turn a sequence of '\' and 'n' into a newline character,
+ * unless the '\' is preceded by another '\'.
+ *
+ * @param out The <code>Writer</code> used to output unescaped characters.
+ * @param str The <code>String</code> to unescape.
+ * @see #unescapeJava(Writer,String)
 */
 public static void unescapeJavaScript(Writer out, String str) throws IOException {
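Review bot: The added `import java.io.PrintWriter;` in the first hunk is not referenced by any line this diff adds, so unless some part of the file outside the shown hunks uses it, it is an unused import and should be dropped rather than left to accumulate. The `unescapeJavaScript(Writer, String)` hunk at the end of this run is cut off before the method body, so only its Javadoc is visible here and the body is not reviewed.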
@@ -404,7 +418,9 @@
 * @see </br><a href="http://www.w3.org/TR/html401/charset.html#code-position">HTML 4.01 Code positions</a>
 **/
 public static String escapeHtml(String str) {
- return escapeEntities(str, Entities.HTML40);
+ //todo: add a version that takes a Writer
+ //todo: rewrite underlying method to use a Writer instead of a StringBuffer
+ return Entities.HTML40.escape(str);
 }
 /**
@@ -422,7 +438,7 @@
 * @see #escapeHtml(String)
 **/
 public static String unescapeHtml(String str) {
- return unescapeEntities(str, Entities.HTML40);
+ return Entities.HTML40.unescape(str);
 }
 /**
@@ -440,7 +456,7 @@
 * @see #unescapeXml(java.lang.String)
 **/
 public static String escapeXml(String str) {
- return escapeEntities(str, Entities.XML);
+ return Entities.XML.escape(str);
 }
 /**
@@ -458,15 +474,22 @@
 * @see #escapeXml(String)
 **/
 public static String unescapeXml(String str) {
- return unescapeEntities(str, Entities.XML);
+ return Entities.XML.unescape(str);
 }
- private static String escapeEntities(String str, Entities entities) {
- return entities.escape(str);
- }
-
- private static String unescapeEntities(String str, Entities entities) {
- return entities.unescape(str);
+ /**
+ * Escapes the characters in a <code>String</code> to be suitable to pass to
+ * an SQL query. For example,
+ * <code>statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's Navy") + "'");</code>
+ * Presently, this method only turns single-quotes into doubled single-quotes.
+ * It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
+ * see http://www.jguru.com/faq/view.jsp?EID=8881
+ * @param s
+ * @return
+ */
+ public static String escapeSql(String s)
+ {
+ return StringUtils.replace(s, "'", "''");
 }
 }
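Review bot: The new `escapeSql` in the last hunk only doubles single quotes, which is a complete escape only for a value placed inside a single-quoted literal on a database whose sole literal escape is the doubled quote (dialects that also treat a backslash as an escape inside literals are not covered), yet its Javadoc example shows string-concatenated SQL as the intended use. The Javadoc should state that parameterized `java.sql.PreparedStatement` queries are the preferred way to pass values and that this method is a narrow fallback, e.g. `* Prefer {@link java.sql.PreparedStatement} with <code>?</code> parameters; this method is only a fallback for embedding a value in a single-quoted literal on databases that escape solely by doubling the quote.` The `@param s` and `@return` tags are left empty; the behaviour on a `null` argument is whatever `StringUtils.replace` does with `null`, so confirm it and document it, e.g. `@param s the string to escape, may be null` / `@return the escaped string, or <code>null</code> if the input is null`. Style: the opening brace of `escapeSql` sits on its own line while every other method visible in this diff keeps it on the signature line.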