StringEscapeUtils.escapeSql


  •  Escapes the characters in a String to be suitable to pass to an SQL query.



For example,

  statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +
      StringEscapeUtils.escapeSql("McHale's Navy") + "'");

  •  At present, this method only turns single quotes into doubled single quotes ("McHale's Navy" => "McHale''s Navy"). It does not handle percent (%) or underscore (_) for use in LIKE clauses, and it does nothing for a value concatenated into an unquoted position (for example a numeric comparison), because there is no quote to double. It is therefore not a general defence against SQL injection; a PreparedStatement with bound parameters is. Note also that escapeSql belongs to Commons Lang 2.x (org.apache.commons.lang) and is not present in Commons Lang 3 (org.apache.commons.lang3).
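The three cases above (a quoted string literal, an unquoted numeric position, and a LIKE pattern) can be exercised end to end against a database. The following is an added example, not code from the original post or from Commons Lang: it mirrors the documented escapeSql rule (double every single quote, nothing else) in a Python function called escape_sql, runs the resulting queries against an in-memory SQLite database, and contrasts them with a bound parameter. The movie rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original post).
SAMPLE_MOVIES = [
    ("McHale's Navy", 7),
    ("Alien", 9),
    ("Aliens", 8),
    ("L'OREAL", 5),
]


def escape_sql(value: str) -> str:
    """Python mirror of the documented escapeSql rule: double every single
    quote and change nothing else (no handling of %, _ or unquoted contexts)."""
    return value.replace("'", "''")


def setup_db() -> sqlite3.Connection:
    """In-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT, rating INTEGER)"
    )
    conn.executemany("INSERT INTO movies (title, rating) VALUES (?, ?)", SAMPLE_MOVIES)
    return conn


def titles_by_title(conn, title: str) -> list:
    """Concatenation inside a quoted literal: the one case escapeSql covers.
    An injected quote is doubled and stays part of the literal."""
    sql = "SELECT title FROM movies WHERE title='" + escape_sql(title) + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def titles_by_rating_escaped(conn, rating_text: str) -> list:
    """Unquoted numeric position: there is no quote to double, so the caller's
    text lands in the query verbatim and can extend the WHERE clause."""
    sql = "SELECT title FROM movies WHERE rating=" + escape_sql(rating_text) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def titles_with_prefix_escaped(conn, prefix: str) -> list:
    """LIKE clause: % and _ pass through escape_sql untouched and keep their
    wildcard meaning, so '_' matches the apostrophe in L'OREAL."""
    sql = "SELECT title FROM movies WHERE title LIKE '" + escape_sql(prefix) + "%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def titles_by_rating_param(conn, rating) -> list:
    """The fix: bind the value as a parameter instead of escaping and
    concatenating. The text '9 OR 1=1' is compared as data, not parsed as SQL."""
    sql = "SELECT title FROM movies WHERE rating=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (rating,))]


if __name__ == "__main__":
    db = setup_db()
    print(titles_by_title(db, "McHale's Navy"))          # ["McHale's Navy"]
    print(titles_by_title(db, "x' OR '1'='1"))           # []  (quote doubled, attack neutralised)
    print(titles_by_rating_escaped(db, "9 OR 1=1"))      # all four titles (escape did nothing)
    print(titles_with_prefix_escaped(db, "L_O"))         # ["L'OREAL"]  (_ acted as a wildcard)
    print(titles_by_rating_param(db, "9 OR 1=1"))        # []  (bound as text, no match)
    print(titles_by_rating_param(db, 9))                 # ["Alien"]
```

The numeric case is the one that usually bites: the escaping call is present, looks like a defence, and does nothing, because the attacker never needs a quote. The parameterised query needs no escaping at all, for any of the three contexts.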

  package com.utilitySample;

  // escapeSql lives in StringEscapeUtils (Commons Lang 2.x), not StringUtils
  import org.apache.commons.lang.StringEscapeUtils;

  public class StringUtility {
      public static void main(String[] args) {
          String unescapedSql = "L'OREAL";
          // the single quote is doubled so the value can sit inside a quoted SQL literal
          System.out.println("After escapeSql::" + StringEscapeUtils.escapeSql(unescapedSql));
          // the original String is unchanged; escapeSql returns a new one
          System.out.println(unescapedSql);
      }
  }

Output :

 After escapeSql::L''OREAL
 L'OREAL
