Posted to dev@commons.apache.org by al...@apache.org on 2003/06/29 05:03:15 UTC
cvs commit: jakarta-commons/lang/src/java/org/apache/commons/lang StringEscapeUtils.java
alex 2003/06/28 20:03:15
Modified: lang/src/java/org/apache/commons/lang StringEscapeUtils.java
Log:
comments
refactoring
add escapeSql method
Revision Changes Path
1.13 +34 -11 jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java
Index: StringEscapeUtils.java
===================================================================
RCS file: /home/cvs/jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- StringEscapeUtils.java 24 May 2003 04:35:06 -0000 1.12
+++ StringEscapeUtils.java 29 Jun 2003 03:03:15 -0000 1.13
@@ -55,6 +55,7 @@
import java.io.IOException;
import java.io.Writer;
+import java.io.PrintWriter;
import org.apache.commons.lang.exception.NestableRuntimeException;
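Review bot: `import java.io.PrintWriter;` is not referenced by any line this commit adds, so as far as the diff shows it is an unused import. If nothing elsewhere in the file uses it either, it should be dropped rather than left as a warning; the hunk gives no hint of what it was intended for.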
@@ -368,6 +369,12 @@
}
/**
+ * Unescapes any JavaScript literals found in the <code>String</code>.
+ * For example, it will turn a sequence of '\' and 'n' into a newline character,
+ * unless the '\' is preceded by another '\'.
+ *
+ * @param str The <code>String</code> to unescape.
+ * @return A new unescaped <code>String</code>.
* @see #unescapeJava(String)
*/
public static String unescapeJavaScript(String str) {
@@ -375,6 +382,13 @@
}
/**
+ * Unescapes any JavaScript literals found in the <code>String</code> to a <code>Writer</code>.
+ * For example, it will turn a sequence of '\' and 'n' into a newline character,
+ * unless the '\' is preceded by another '\'.
+ *
+ * @param out The <code>Writer</code> used to output unescaped characters.
+ * @param str The <code>String</code> to unescape.
+
* @see #unescapeJava(Writer,String)
*/
public static void unescapeJavaScript(Writer out, String str) throws IOException {
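Review bot: The new Javadoc for unescapeJavaScript(Writer, String) omits `@throws IOException`, although the signature on the last line of the hunk declares it; add `@throws IOException if an error occurs writing to the Writer` (matching whatever wording unescapeJava(Writer,String) uses). The line in the middle of the comment that consists only of `+` is missing the leading ` *` every other comment line carries, so it should read ` *`. The method body continues outside the hunk.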
@@ -404,7 +418,9 @@
* @see </br><a href="http://www.w3.org/TR/html401/charset.html#code-position">HTML 4.01 Code positions</a>
**/
public static String escapeHtml(String str) {
- return escapeEntities(str, Entities.HTML40);
+ //todo: add a version that takes a Writer
+ //todo: rewrite underlying method to use a Writer instead of a StringBuffer
+ return Entities.HTML40.escape(str);
}
/**
@@ -422,7 +438,7 @@
* @see #escapeHtml(String)
**/
public static String unescapeHtml(String str) {
- return unescapeEntities(str, Entities.HTML40);
+ return Entities.HTML40.unescape(str);
}
/**
@@ -440,7 +456,7 @@
* @see #unescapeXml(java.lang.String)
**/
public static String escapeXml(String str) {
- return escapeEntities(str, Entities.XML);
+ return Entities.XML.escape(str);
}
/**
@@ -458,15 +474,22 @@
* @see #escapeXml(String)
**/
public static String unescapeXml(String str) {
- return unescapeEntities(str, Entities.XML);
+ return Entities.XML.unescape(str);
}
- private static String escapeEntities(String str, Entities entities) {
- return entities.escape(str);
- }
-
- private static String unescapeEntities(String str, Entities entities) {
- return entities.unescape(str);
+ /**
+ * Escapes the characters in a <code>String</code> to be suitable to pass to
+ * an SQL query. For example,
+ * <code>statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's Navy") + "'");</code>
+ * Presently, this method only turns single-quotes into doubled single-quotes.
+ * It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
+ * see http://www.jguru.com/faq/view.jsp?EID=8881
+ * @param s
+ * @return
+ */
+ public static String escapeSql(String s)
+ {
+ return StringUtils.replace(s, "'", "''");
}
}
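Review bot: escapeSql, added at the end of the hunk, leaves its `@param s` and `@return` tags empty, and its example shows the escaped value being concatenated straight into a query string, which is the pattern bound parameters exist to avoid. I'd fill the tags in as `@param s the String to escape` / `@return the escaped String` (whether null passes through depends on StringUtils.replace, which is not visible here — confirm before documenting it) and add one sentence stating that doubling single quotes is only a correct escape for databases that treat `''` as a literal quote, so callers should prefer PreparedStatement placeholders where they can. The bare `see http://...` line should be a `@see` tag so it renders as a reference. The opening brace on its own line after the signature also departs from the K&R style the rest of the file uses (compare escapeXml earlier in the same hunk).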