From: alex@apache.org To: jakarta-commons-cvs@apache.org Subject: cvs commit: jakarta-commons/lang/src/java/org/apache/commons/lang StringEscapeUtils.java X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N alex 2003/06/28 20:03:15 Modified: lang/src/java/org/apache/commons/lang StringEscapeUtils.java Log: comments refactoring add escapeSql method Revision Changes Path 1.13 +34 -11 jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java Index: StringEscapeUtils.java =================================================================== RCS file: /home/cvs/jakarta-commons/lang/src/java/org/apache/commons/lang/StringEscapeUtils.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- StringEscapeUtils.java 24 May 2003 04:35:06 -0000 1.12 +++ StringEscapeUtils.java 29 Jun 2003 03:03:15 -0000 1.13 @@ -55,6 +55,7 @@ import java.io.IOException; import java.io.Writer; +import java.io.PrintWriter; import org.apache.commons.lang.exception.NestableRuntimeException; @@ -368,6 +369,12 @@ } /** + * Unescapes any JavaScript literals found in the String. + * For example, it will turn a sequence of '\' and 'n' into a newline character, + * unless the '\' is preceded by another '\'. + * + * @param str The String to unescape. + * @return A new unescaped String. * @see #unescapeJava(String) */ public static String unescapeJavaScript(String str) { @@ -375,6 +382,13 @@ } /** + * Unescapes any JavaScript literals found in the String to a Writer. + * For example, it will turn a sequence of '\' and 'n' into a newline character, + * unless the '\' is preceded by another '\'. + * + * @param out The Writer used to output unescaped characters. + * @param str The String to unescape. + * @see #unescapeJava(Writer,String) */ public static void unescapeJavaScript(Writer out, String str) throws IOException { @@ -404,7 +418,9 @@ * @see
HTML 4.01 Code positions **/ public static String escapeHtml(String str) { - return escapeEntities(str, Entities.HTML40); + //todo: add a version that takes a Writer + //todo: rewrite underlying method to use a Writer instead of a StringBuffer + return Entities.HTML40.escape(str); } /** @@ -422,7 +438,7 @@ * @see #escapeHtml(String) **/ public static String unescapeHtml(String str) { - return unescapeEntities(str, Entities.HTML40); + return Entities.HTML40.unescape(str); } /** @@ -440,7 +456,7 @@ * @see #unescapeXml(java.lang.String) **/ public static String escapeXml(String str) { - return escapeEntities(str, Entities.XML); + return Entities.XML.escape(str); } /** @@ -458,15 +474,22 @@ * @see #escapeXml(String) **/ public static String unescapeXml(String str) { - return unescapeEntities(str, Entities.XML); + return Entities.XML.unescape(str); } - private static String escapeEntities(String str, Entities entities) { - return entities.escape(str); - } - - private static String unescapeEntities(String str, Entities entities) { - return entities.unescape(str); + /** + * Escapes the characters in a String to be suitable to pass to + * an SQL query. For example, + * statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's Navy") + "'"); + * Presently, this method only turns single-quotes into doubled single-quotes. + * It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses. + * see http://www.jguru.com/faq/view.jsp?EID=8881 + * @param s + * @return + */ + public static String escapeSql(String s) + { + return StringUtils.replace(s, "'", "''"); } } --------------------------------------------------------------------- To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: commons-dev-help@jakarta.apache.org
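Review bot: The Javadoc on the new `escapeSql` presents concatenating its result into `executeQuery` as the intended use, but doubling single quotes is not a complete defence against SQL injection: it does nothing for values placed in numeric or identifier positions, and some databases also accept backslash as an escape character inside string literals. The comment should state that bound parameters via `PreparedStatement` are the preferred way to pass caller-supplied values, and that this method only covers quoted string literals in dialects where `''` is the sole quote escape. The `@param s` and `@return` tags are empty and the parameter is named `s` where the rest of the class uses `str`; `@param str the String to escape` and `@return a new String with each single quote doubled` would match the neighbouring methods, the bare `see http://...` line should become an `@see` tag, and the opening brace on its own line differs from the other methods in this hunk. Separately, the `import java.io.PrintWriter;` added in the first hunk is not referenced by any added line visible in this commit, so it looks unused and could be dropped.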