New Topic/Question
Reply
Hello, I have been trying to find a method that escapes sql statements in a Java String with no luck so far. I am using SQLLite and the standard java.sql package. I know org.apache has that in and a lot more, but I rather not download another library if possible. Any thoughts?
10 Replies - 623 Views - Last Post: 06 June 2009 - 02:56 PM
Rate Topic:
MultiQuoteReplies To: Escaping SQL Strings
#4
pbl
- There is nothing you can't do with a JTable
-
Reputation: 8066
- Posts: 31,310
- Joined: 06-March 08
Re: Escaping SQL Strings
Posted 05 June 2009 - 06:07 PM
Mike007, on 5 Jun, 2009 - 05:02 PM, said:
To prevent SQL injections you have mysql_real_escape_string() function in PHP. I want to find something similar for Java that's all.
Java has a nice feature called PreparedStament that is the standard way of preventing SQL injection in Java
Was This Post Helpful?
0
#6
pbl
- There is nothing you can't do with a JTable
-
Reputation: 8066
- Posts: 31,310
- Joined: 06-March 08
Re: Escaping SQL Strings
Posted 05 June 2009 - 06:18 PM
Mike007, on 5 Jun, 2009 - 05:15 PM, said:
Ok thank you seems to be what I was looking for.
Me or my answer ?
Mike007, on 5 Jun, 2009 - 05:15 PM, said:
Is there also a standard way to encode and decode html entities to characters ('&' -> '&') ?
I leave the HTML stuff to others: SQL is my stuff but not that decorating stuff
Was This Post Helpful?
1
#8
g00se
- D.I.C Lover
-
Reputation: 2146
- Posts: 8,924
- Joined: 20-September 08
Re: Escaping SQL Strings
Posted 06 June 2009 - 09:13 AM
You can decode html entities using this sort of thing. You should be able to work out encoding from it too:
import java.util.LinkedHashMap;
import java.util.Map;
public class HtmlEntities {
private static Map<String, Character> m = new LinkedHashMap<String, Character>();
static {
m.put(" ", (char) 160);
m.put("¡", (char) 161);
m.put("¢", (char) 162);
m.put("£", (char) 163);
m.put("¤", (char) 164);
m.put("¥", (char) 165);
m.put("¦", (char) 166);
m.put("§", (char) 167);
m.put("¨", (char) 168);
m.put("©", (char) 169);
m.put("ª", (char) 170);
m.put("«", (char) 171);
m.put("¬", (char) 172);
m.put("­", (char) 173);
m.put("®", (char) 174);
m.put("¯", (char) 175);
m.put("°", (char) 176);
m.put("±", (char) 177);
m.put("²", (char) 178);
m.put("³", (char) 179);
m.put("´", (char) 180);
m.put("µ", (char) 181);
m.put("¶", (char) 182);
m.put("·", (char) 183);
m.put("¸", (char) 184);
m.put("¹", (char) 185);
m.put("º", (char) 186);
m.put("»", (char) 187);
m.put("¼", (char) 188);
m.put("½", (char) 189);
m.put("¾", (char) 190);
m.put("¿", (char) 191);
m.put("×", (char) 215);
m.put("÷", (char) 247);
m.put("À", (char) 192);
m.put("Á", (char) 193);
m.put("Â", (char) 194);
m.put("Ã", (char) 195);
m.put("Ä", (char) 196);
m.put("Å", (char) 197);
m.put("Æ", (char) 198);
m.put("Ç", (char) 199);
m.put("È", (char) 200);
m.put("É", (char) 201);
m.put("Ê", (char) 202);
m.put("Ë", (char) 203);
m.put("Ì", (char) 204);
m.put("Í", (char) 205);
m.put("Î", (char) 206);
m.put("Ï", (char) 207);
m.put("Ð", (char) 208);
m.put("Ñ", (char) 209);
m.put("Ò", (char) 210);
m.put("Ó", (char) 211);
m.put("Ô", (char) 212);
m.put("Õ", (char) 213);
m.put("Ö", (char) 214);
m.put("Ø", (char) 216);
m.put("Ù", (char) 217);
m.put("Ú", (char) 218);
m.put("Û", (char) 219);
m.put("Ü", (char) 220);
m.put("Ý", (char) 221);
m.put("Þ", (char) 222);
m.put("ß", (char) 223);
m.put("à", (char) 224);
m.put("á", (char) 225);
m.put("â", (char) 226);
m.put("ã", (char) 227);
m.put("ä", (char) 228);
m.put("å", (char) 229);
m.put("æ", (char) 230);
m.put("ç", (char) 231);
m.put("è", (char) 232);
m.put("é", (char) 233);
m.put("ê", (char) 234);
m.put("ë", (char) 235);
m.put("ì", (char) 236);
m.put("í", (char) 237);
m.put("î", (char) 238);
m.put("ï", (char) 239);
m.put("ð", (char) 240);
m.put("ñ", (char) 241);
m.put("ò", (char) 242);
m.put("ó", (char) 243);
m.put("ô", (char) 244);
m.put("õ", (char) 245);
m.put("ö", (char) 246);
m.put("ø", (char) 248);
m.put("ù", (char) 249);
m.put("ú", (char) 250);
m.put("û", (char) 251);
m.put("ü", (char) 252);
m.put("ý", (char) 253);
m.put("þ", (char) 254);
m.put("ÿ", (char) 255);
}
// For testing
public static void main(String[] args) {
StringBuilder sb = new StringBuilder(args[0]);
java.util.regex.Matcher m = java.util.regex.Pattern.compile("&[A-Za-z]+;").matcher(sb);
int matchPointer = 0;
while (m.find(matchPointer)) {
sb.replace(m.start(), m.end(), "" + HtmlEntities.fromHtmlEntity(m.group()));
matchPointer = m.start();
}
System.out.println(sb);
}
public static char fromHtmlEntity(String s) {
return m.get(s);
}
}
Was This Post Helpful?
1
#9
Mike007
- D.I.C Regular
-
Reputation: 7
- Posts: 332
- Joined: 30-August 07
Re: Escaping SQL Strings
Posted 06 June 2009 - 11:32 AM
Ok thank you, this works for decoding, but what structure can you use for encoding? In this instance I have to find the right key for a given value.
Was This Post Helpful?
0
#11
Mike007
- D.I.C Regular
-
Reputation: 7
- Posts: 332
- Joined: 30-August 07
Re: Escaping SQL Strings
Posted 06 June 2009 - 02:56 PM
yeah I had to write some loops and do a few things to match a value to a key. Just thought there is an easier way. Here is the code if anyone is interested:
And unit test
public class HtmlEntities
{
private static Map<String, Character> map = new LinkedHashMap<String, Character>();
static
{
map.put(""", (char) 34);
map.put("&", (char) 38);
map.put("<", (char) 60);
map.put(">", (char) 62);
map.put(" ", (char) 160);
map.put("¡", (char) 161);
map.put("¢", (char) 162);
map.put("£", (char) 163);
map.put("¤", (char) 164);
map.put("¥", (char) 165);
map.put("¦", (char) 166);
map.put("§", (char) 167);
map.put("¨", (char) 168);
map.put("©", (char) 169);
map.put("ª", (char) 170);
map.put("«", (char) 171);
map.put("¬", (char) 172);
map.put("­", (char) 173);
map.put("®", (char) 174);
map.put("¯", (char) 175);
map.put("°", (char) 176);
map.put("±", (char) 177);
map.put("²", (char) 178);
map.put("³", (char) 179);
map.put("´", (char) 180);
map.put("µ", (char) 181);
map.put("¶", (char) 182);
map.put("·", (char) 183);
map.put("¸", (char) 184);
map.put("¹", (char) 185);
map.put("º", (char) 186);
map.put("»", (char) 187);
map.put("¼", (char) 188);
map.put("½", (char) 189);
map.put("¾", (char) 190);
map.put("¿", (char) 191);
map.put("×", (char) 215);
map.put("÷", (char) 247);
map.put("À", (char) 192);
map.put("Á", (char) 193);
map.put("Â", (char) 194);
map.put("Ã", (char) 195);
map.put("Ä", (char) 196);
map.put("Å", (char) 197);
map.put("Æ", (char) 198);
map.put("Ç", (char) 199);
map.put("È", (char) 200);
map.put("É", (char) 201);
map.put("Ê", (char) 202);
map.put("Ë", (char) 203);
map.put("Ì", (char) 204);
map.put("Í", (char) 205);
map.put("Î", (char) 206);
map.put("Ï", (char) 207);
map.put("Ð", (char) 208);
map.put("Ñ", (char) 209);
map.put("Ò", (char) 210);
map.put("Ó", (char) 211);
map.put("Ô", (char) 212);
map.put("Õ", (char) 213);
map.put("Ö", (char) 214);
map.put("Ø", (char) 216);
map.put("Ù", (char) 217);
map.put("Ú", (char) 218);
map.put("Û", (char) 219);
map.put("Ü", (char) 220);
map.put("Ý", (char) 221);
map.put("Þ", (char) 222);
map.put("ß", (char) 223);
map.put("à", (char) 224);
map.put("á", (char) 225);
map.put("â", (char) 226);
map.put("ã", (char) 227);
map.put("ä", (char) 228);
map.put("å", (char) 229);
map.put("æ", (char) 230);
map.put("ç", (char) 231);
map.put("è", (char) 232);
map.put("é", (char) 233);
map.put("ê", (char) 234);
map.put("ë", (char) 235);
map.put("ì", (char) 236);
map.put("í", (char) 237);
map.put("î", (char) 238);
map.put("ï", (char) 239);
map.put("ð", (char) 240);
map.put("ñ", (char) 241);
map.put("ò", (char) 242);
map.put("ó", (char) 243);
map.put("ô", (char) 244);
map.put("õ", (char) 245);
map.put("ö", (char) 246);
map.put("ø", (char) 248);
map.put("ù", (char) 249);
map.put("ú", (char) 250);
map.put("û", (char) 251);
map.put("ü", (char) 252);
map.put("ý", (char) 253);
map.put("þ", (char) 254);
map.put("ÿ", (char) 255);
}
private static char fromHtmlEntity(String str)
{
return map.get(str);
}
/**
* Finds the value and returns the key that corresponds to that value. If value not found
* returns null.
* @param value The value to be found.
* @return The key corresponding to the value that was found or null if value not found.
*/
private static String findValue(char value)
{
Set<String> keySet = map.keySet();
Iterator<String> i = keySet.iterator();
String key = i.next(); // key
boolean found = false;
String result = null;
while(i.hasNext() && !found)
{
if(map.get(key).charValue() == value)
{
found = true;
result = key;
}
key = i.next();
}
return result;
}
/**
* Converts special characters in ASCII into html entities (e.g. & -> &)
* @param encode The string to be encoded.
* @return The encoded string with HTML entities.
*/
public static String encode(String encode)
{
StringBuilder str = new StringBuilder(encode);
String key;
int i = 0;
// loop over all the characters in the string
while(i < str.length())
{
// try matching a character to an entity
key = findValue(str.charAt(i));
if(key != null)
{
str.replace(i, i + 1, key);
i += key.length();
}
else
{
i++;
}
}
return str.toString();
}
/**
* Converts html entities (e.g. &) into real characthers (ASCII characters, e.g. & -> &)
* @param decode A string to be decoded.
* @return The string decoded with no HTML entities.
*/
public static String decode(String decode)
{
StringBuilder str = new StringBuilder(decode);
java.util.regex.Matcher m = Pattern.compile("&[A-Za-z]+;").matcher(str);
int matchPointer = 0;
while (m.find(matchPointer))
{
str.replace(m.start(), m.end(), "" + HtmlEntities.fromHtmlEntity(m.group()));
matchPointer = m.start();
}
return str.toString();
}
}
And unit test
import static org.junit.Assert.*;
import org.junit.Test;
public class HtmlEntitiesTest
{
private final static String decoded = "<img src=\"dir/filename.php?file=1&date=12414\" />";
private final static String encoded = "<img src="dir/filename.php?file=1&date=12414" />";
@Test
public void testEncondeHtmlEntities()
{
assertEquals(encoded, HtmlEntities.encode(decoded));
}
@Test
public void testDecodeHtmlEntities()
{
assertEquals(decoded, HtmlEntities.decode(encoded));
}
}
Was This Post Helpful?
0
Page 1 of 1
|
|
| 