Package marauroa.server.db

Class StringChecker

java.lang.Object

marauroa.server.db.StringChecker

public class StringChecker
extends Object

Helper class to validate strings and escape SQL strings.

Author:

miguel

Constructor Summary

Constructors

Constructor	Description
StringChecker()

Method Summary

Modifier and Type	Method	Description
static String	escapeSQLString(String param)	Escapes ' and \ in a string so that the result can be passed into an SQL command.
static String	trimAndEscapeSQLString(String param, int size)	Trims the string to the specified size without error in case it is already shorter.
static String	trimEmptyToNull(String s)	trims a string to null
static boolean	validString(String string)	This method returns true if a string is valid because it lacks of any kind of control or escape character.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

StringChecker

public StringChecker()

Method Details

validString

public static boolean validString(String string)

This method returns true if a string is valid because it lacks of any kind of control or escape character.

Parameters:

string - The string to check

Returns:

true if the string is valid for storing it at database or as XML.

escapeSQLString

public static String escapeSQLString(String param)

Escapes ' and \ in a string so that the result can be passed into an SQL command. The parameter has be quoted using ' in the sql. Most database engines accept single quotes around numbers as well.

Please note that special characters for LIKE and other matching commands are not quotes. The result of this method is suitable for INSERT, UPDATE and an "=" operator in the WHERE part.

Parameters:

param - string to quote

Returns:

quoted string

trimAndEscapeSQLString

public static String trimAndEscapeSQLString(String param,
 int size)

Trims the string to the specified size without error in case it is already shorter. Escapes ' and \ in a string so that the result can be passed into an SQL command. The parameter has be quoted using ' in the sql. Most database engines accept single quotes around numbers as well.

Please note that special characters for LIKE and other matching commands are not quotes. The result of this method is suitable for INSERT, UPDATE and an "=" operator in the WHERE part.

Parameters:

param - string to quote

size - maximal length of this string before encoding

Returns:

quoted string

trimEmptyToNull

public static String trimEmptyToNull(String s)

trims a string to null

Parameters:

s - string

Returns:

null, if the string was null or empty, s.trim() otherweise