本文整理汇总了Java中org.apache.commons.lang.StringEscapeUtils.escapeSql方法的典型用法代码示例。如果您正苦于以下问题:Java StringEscapeUtils.escapeSql方法的具体用法?Java StringEscapeUtils.escapeSql怎么用?Java StringEscapeUtils.escapeSql使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.apache.commons.lang.StringEscapeUtils
的用法示例。
在下文中一共展示了StringEscapeUtils.escapeSql方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
sqlBuilder.append(" WHERE (user.first_name LIKE '%").append(escToken)
.append("%' OR user.last_name LIKE '%").append(escToken).append("%' OR user.login_name LIKE '%")
.append(escToken).append("%') ");
}
}
}
示例2: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(StringBuilder queryText, String searchString) {
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
queryText.append(" AND (user.first_name LIKE '%").append(escToken)
.append("%' OR user.last_name LIKE '%").append(escToken).append("%' OR user.login_name LIKE '%")
.append(escToken).append("%')");
}
}
}
示例3: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(String searchString, StringBuilder sqlBuilder, boolean whereDone) {
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
sqlBuilder.append(whereDone ? " AND ( " : " WHERE ( ")
.append("user.first_name LIKE '%").append(escToken)
.append("%' OR user.last_name LIKE '%").append(escToken).append("%' OR user.login_name LIKE '%")
.append(escToken).append("%') ");
}
}
}
示例4: getPagedUsers
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
@Override
public List<Object[]> getPagedUsers(Long toolSessionId, Integer page, Integer size, int sorting,
String searchString) {
String GET_USERS_FOR_SESSION = "SELECT user.uid, user.hidden, CONCAT(user.firstName, ' ', user.lastName) FROM "
+ PeerreviewUser.class.getName() + " user WHERE user.session.sessionId = :toolSessionId ";
String sortingOrder = "";
switch (sorting) {
case PeerreviewConstants.SORT_BY_NO:
sortingOrder = " ORDER BY user.uid";
break;
case PeerreviewConstants.SORT_BY_USERNAME_ASC:
sortingOrder = " ORDER BY user.firstName ASC";
break;
case PeerreviewConstants.SORT_BY_USERNAME_DESC:
sortingOrder = " ORDER BY user.firstName DESC";
break;
}
StringBuilder bldr = new StringBuilder(GET_USERS_FOR_SESSION);
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
bldr.append(" AND ( ").append("user.firstName LIKE '%").append(escToken)
.append("%' OR user.lastName LIKE '%").append(escToken).append("%' OR user.loginName LIKE '%")
.append(escToken).append("%') ");
}
}
bldr.append(sortingOrder);
String queryString = bldr.toString();
Query query = getSession().createQuery(queryString)
.setLong("toolSessionId", toolSessionId);
if ( page != null && size != null ) {
query.setFirstResult(page * size).setMaxResults(size);
}
return (List<Object[]>) query.list();
}
示例5: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(String searchString, StringBuilder sqlBuilder, boolean useWhere) {
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
sqlBuilder.append(useWhere ? " WHERE " : " AND ").append("(user.fullname LIKE '%").append(escToken)
.append("%' OR user.username LIKE '%").append(escToken).append("%') ");
}
}
}
示例6: buildCombinedSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildCombinedSearch(String searchStringVote, String searchStringUsername, StringBuilder sqlBuilder) {
if (!StringUtils.isBlank(searchStringVote)) {
String[] tokens = searchStringVote.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
sqlBuilder.append(" WHERE (userEntry LIKE '%").append(escToken).append("%') ");
}
} else {
buildNameSearch(searchStringUsername, sqlBuilder, true);
}
}
示例7: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
sqlBuilder.append(" AND (user.first_name LIKE '%").append(escToken)
.append("%' OR user.last_name LIKE '%").append(escToken).append("%' OR user.login_name LIKE '%")
.append(escToken).append("%') ");
}
}
}
示例8: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private String buildNameSearch(String searchString, String userRef) {
String filteredSearchString = null;
if (!StringUtils.isBlank(searchString)) {
StringBuilder searchStringBuilder = new StringBuilder("");
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
searchStringBuilder.append(" AND (" + userRef + ".fullname LIKE '%").append(escToken)
.append("%' OR " + userRef + ".username LIKE '%").append(escToken).append("%') ");
}
filteredSearchString = searchStringBuilder.toString();
}
return filteredSearchString;
}
示例9: buildNameSearch
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
private void buildNameSearch(StringBuilder queryText, String searchString) {
String filteredSearchString = null;
if (!StringUtils.isBlank(searchString)) {
String[] tokens = searchString.trim().split("\\s+");
for (String token : tokens) {
String escToken = StringEscapeUtils.escapeSql(token);
queryText.append(" WHERE (fullname LIKE '%").append(escToken).append("%' OR username LIKE '%")
.append(escToken).append("%') ");
}
}
}
示例10: strip
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
/**
* @param value 待处理内容
* @return
* @Description SQL注入内容剥离
*/
public String strip(String value) {
//剥离SQL注入部分代码
return StringEscapeUtils.escapeSql(value.replaceAll("('.+--)|(\\|)|(%7C)", ""));
}
示例11: escapeSql
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
@Override
protected String escapeSql(String literalValue) {
String escaped = StringEscapeUtils.escapeSql(literalValue);
// we need to deal with a strange design with the \' escape but no \\ escape
return StringUtils.replace(escaped, "\\'", "'||TRIM('\\ ')||''");
}
示例12: escapeSql
import org.apache.commons.lang.StringEscapeUtils; //导入方法依赖的package包/类
protected String escapeSql(String literalValue) {
return StringEscapeUtils.escapeSql(literalValue);
}