Package com.vaadin.data.util.sqlcontainer

Class SQLUtil

java.lang.Object

com.vaadin.data.util.sqlcontainer.SQLUtil

All Implemented Interfaces:

Serializable

public class SQLUtil
extends Object
implements Serializable

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
SQLUtil()

Method Summary

Modifier and Type	Method	Description
static String	escapeSQL(String constant)	Escapes different special characters in strings that are passed to SQL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SQLUtil

public SQLUtil()

Method Detail

escapeSQL

public static String escapeSQL(String constant)

Escapes different special characters in strings that are passed to SQL. Replaces the following:

' is replaced with '' \x00 is removed \ is replaced with \\ " is replaced with \" \x1a is removed Also note! The escaping done here may or may not be enough to prevent any and all SQL injections so it is recommended to check user input before giving it to the SQLContainer/TableQuery.

Parameters:

constant -

Returns:

\\\'\'