StringEscapeUtils.escapeSql(String): Escapes the characters in a String to be suitable to pass to an SQL query. For example,

    statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +

At present, this method only turns single-quotes into doubled single-quotes ("McHale's Navy" => "McHale''s Navy"). It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
    package com.utilitySample;

    import org.apache.commons.lang.StringEscapeUtils;

    public class StringUtility {
        public static void main(String[] args) {
            // Input containing a single quote, the only character escapeSql rewrites
            String unescapedSql = "L'OREAL";
            // escapeSql doubles the quote: L'OREAL becomes L''OREAL
            System.out.println("After escapeSql::" + StringEscapeUtils.escapeSql(unescapedSql));
            // The original String is unchanged; escapeSql returns a new String
            System.out.println(unescapedSql);
        }
    }
Output:
After escapeSql::L''OREAL
L'OREAL
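An added example, not part of the original post, that shows the limitation the Javadoc states (escapeSql only doubles single quotes, so the LIKE wildcards % and _ pass through unchanged) next to the alternative a defender should prefer: binding the raw value with a PreparedStatement, which needs no escaping at all. It assumes a MOVIES table with a TITLE column, as in the Javadoc example, and a Connection obtained elsewhere; note that escapeSql no longer exists in Commons Lang 3.

```java
package com.utilitySample;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.apache.commons.lang.StringEscapeUtils;

public class EscapeSqlDemo {

    // Shows exactly what escapeSql does: a single quote becomes two single quotes;
    // every other character, including the LIKE wildcards % and _, is left as-is.
    // The sample strings are constructed for this demo.
    public static void showEscaping() {
        String[] samples = { "McHale's Navy", "L'OREAL", "100%", "a_b" };
        for (String s : samples) {
            System.out.println(s + " => " + StringEscapeUtils.escapeSql(s));
        }
    }

    // Preferred approach: pass the value as a bind parameter. The JDBC driver keeps
    // data separate from the SQL text, so quotes in the title need no escaping.
    // Assumes a MOVIES table with a TITLE column; the Connection comes from the caller.
    public static int countMoviesByTitle(Connection conn, String title) throws SQLException {
        String sql = "SELECT COUNT(*) FROM MOVIES WHERE TITLE = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, title);   // raw value, no escapeSql call
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }
}
```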