commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject cvs commit: jakarta-commons/lang/src/java/org/apache/commons/lang StringEscapeUtils.java
Date Sun, 29 Jun 2003 03:03:15 GMT
alex        2003/06/28 20:03:15

  Modified:    lang/src/java/org/apache/commons/lang StringEscapeUtils.java
  Log:
  comments
  refactoring
  add escapeSql method
  
  Revision  Changes    Path
  1.13      +34 -11    jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java
  
  Index: StringEscapeUtils.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- StringEscapeUtils.java	24 May 2003 04:35:06 -0000	1.12
  +++ StringEscapeUtils.java	29 Jun 2003 03:03:15 -0000	1.13
  @@ -55,6 +55,7 @@
   
   import java.io.IOException;
   import java.io.Writer;
  +import java.io.PrintWriter;
   
   import org.apache.commons.lang.exception.NestableRuntimeException;
   
  @@ -368,6 +369,12 @@
       }
   
       /**
  +     * Unescapes any JavaScript literals found in the <code>String</code>.
  +     * For example, it will turn a sequence of '\' and 'n' into a newline character,
  +     * unless the '\' is preceded by another '\'.
  +     *
  +     * @param str The <code>String</code> to unescape.
  +     * @return A new unescaped <code>String</code>.
        * @see #unescapeJava(String)
        */
       public static String unescapeJavaScript(String str) {
  @@ -375,6 +382,13 @@
       }
   
       /**
  +     * Unescapes any JavaScript literals found in the <code>String</code> to
a <code>Writer</code>.
  +     * For example, it will turn a sequence of '\' and 'n' into a newline character,
  +     * unless the '\' is preceded by another '\'.
  +     *
  +     * @param out The <code>Writer</code> used to output unescaped characters.
  +     * @param str The <code>String</code> to unescape.
  +
        * @see #unescapeJava(Writer,String)
        */
       public static void unescapeJavaScript(Writer out, String str) throws IOException {
  @@ -404,7 +418,9 @@
        * @see </br><a href="http://www.w3.org/TR/html401/charset.html#code-position">HTML
4.01 Code positions</a>
        **/
       public static String escapeHtml(String str) {
  -        return escapeEntities(str, Entities.HTML40);
  +        //todo: add a version that takes a Writer
  +        //todo: rewrite underlying method to use a Writer instead of a StringBuffer
  +        return Entities.HTML40.escape(str);
       }
   
       /**
  @@ -422,7 +438,7 @@
        * @see #escapeHtml(String)
        **/
       public static String unescapeHtml(String str) {
  -        return unescapeEntities(str, Entities.HTML40);
  +        return Entities.HTML40.unescape(str);
       }
   
       /**
  @@ -440,7 +456,7 @@
        * @see #unescapeXml(java.lang.String)
        **/
       public static String escapeXml(String str) {
  -        return escapeEntities(str, Entities.XML);
  +        return Entities.XML.escape(str);
       }
   
       /**
  @@ -458,15 +474,22 @@
        * @see #escapeXml(String)
        **/
       public static String unescapeXml(String str) {
  -        return unescapeEntities(str, Entities.XML);
  +        return Entities.XML.unescape(str);
       }
   
  -    private static String escapeEntities(String str, Entities entities) {
  -        return entities.escape(str);
  -    }
  -
  -    private static String unescapeEntities(String str, Entities entities) {
  -        return entities.unescape(str);
  +    /**
  +     * Escapes the characters in a <code>String</code> to be suitable to pass
to
  +     * an SQL query.  For example,
  +     * <code>statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's
Navy") + "'");</code>
  +     * Presently, this method only turns single-quotes into doubled single-quotes.
  +     * It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
  +     * see http://www.jguru.com/faq/view.jsp?EID=8881
  +     * @param s
  +     * @return
  +     */
  +    public static String escapeSql(String s)
  +    {
  +        return StringUtils.replace(s, "'", "''");
       }
   
   }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message