antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 5 Projects Releases 5 Activity Actions

Escape backslash (\) in SQL Strings as they can break queries unescaped.

Browse source
This commit is contained in:
Jürg Lehni 2011-05-06 19:59:37 +01:00 committed by Tobi Schäfer
parent e246589cdf
commit a9e1cf3f51
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/main/java/helma/objectmodel/db/DbMapping.java
View file

@ -1580,7 +1580,7 @@ public final class DbMapping {
String str = value == null ? null : value.toString();
if (str == null) {
return null;
} else if (str.indexOf("'") < 0) {
} else if (str.indexOf('\'') < 0 && str.indexOf('\\') < 0) {
return str;
}
@ -1591,10 +1591,13 @@ public final class DbMapping {
char c = str.charAt(i);
if (c == '\'') {
sbuf.append('\'');
}
sbuf.append("\\'");
} else if (c == '\\') {
sbuf.append("\\\\");
} else {
sbuf.append(c);
}
}
return sbuf.toString();
}