Package de.mhus.lib.core
Class MSql
- java.lang.Object
  - de.mhus.lib.core.MSql
public class MSql extends Object
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class MSql.SqlTranslator
-
Constructor Summary
Constructors (Constructor, Description):
- MSql()
-
Method Summary
All Methods (Static Methods, Concrete Methods), listed as Modifier and Type, Method, Description:
- static String column(String name): Validate the name as a column name.
- static String encode(String string, boolean notNull): Prepare a string for use in an SQL query.
- static String escape(String in): Escape all single quotes to double single quotes.
- static String escape(String in, int truncateSize): Escape single quotes and truncate the string if needed.
- static void executeUpdateQueries(Statement sth, String sql): Executes a bundle of queries, separated by semicolons.
- static void fillProperties(ResultSet res, MProperties prop)
- static void fillProperties(ResultSet res, MProperties prop, MSql.SqlTranslator translator)
- static String quoteSQL(String sql): Used to prepare SQL string literals by doubling each embedded ' and wrapping in ' at each end.
- static String toSqlLabel(String in, Connection con): Removes all non-standard characters.
- static String unescape(String in): Remove all double single quotes.
-
Method Detail
-
encode
public static String encode(String string, boolean notNull)
Prepare a string for use in an SQL query. The quotes are also appended. A null string is represented as a single space or as NULL.
- Parameters:
string -
notNull - If true, a single space is returned instead of the string NULL
- Returns:
- encoded string
-
escape
public static String escape(String in)
Escape all single quotes to double single quotes.
- Parameters:
in -
- Returns:
- escaped string
-
unescape
public static String unescape(String in)
Remove all double single quotes.
- Parameters:
in -
- Returns:
- unescaped string
-
escape
public static String escape(String in, int truncateSize)
Escape single quotes and truncate the string if needed.
- Parameters:
in -
truncateSize -
- Returns:
- escaped string
-
executeUpdateQueries
public static void executeUpdateQueries(Statement sth, String sql) throws SQLException
Executes a bundle of queries, separated by semicolons.
- Parameters:
sth -
sql -
- Throws:
SQLException
-
quoteSQL
public static String quoteSQL(String sql)
Used to prepare SQL string literals by doubling each embedded ' and wrapping the result in ' at each end. Further quoting is required to use the results in Java String literals. If you use PreparedStatement, this method is not needed; the ' quoting is handled for you automatically.
- Parameters:
sql - Raw SQL string literal
- Returns:
- sql String literal enclosed in '
-
toSqlLabel
public static String toSqlLabel(String in, Connection con)
Removes all non-standard characters. Keywords are currently not validated.
- Parameters:
in - The string to validate
con - Optional. The SQL connection used to validate keywords. null is possible.
- Returns:
- normalized string
-
fillProperties
public static void fillProperties(ResultSet res, MProperties prop) throws SQLException, de.mhus.lib.errors.MException
- Throws:
SQLException
de.mhus.lib.errors.MException
-
fillProperties
public static void fillProperties(ResultSet res, MProperties prop, MSql.SqlTranslator translator) throws SQLException, de.mhus.lib.errors.MException
- Throws:
SQLException
de.mhus.lib.errors.MException
-
column
public static String column(String name) throws SQLException
Validate the name as a column name. If the name contains characters that are not allowed, the method throws an SQLException. Use this method to prevent SQL injection through column names.
- Parameters:
name - The name of the column
- Returns:
- The name, so the method can be used inline.
- Throws:
SQLException
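The pattern described for column(String), combined with the PreparedStatement advice under quoteSQL, as an added example that is not part of mhus-lib: checkedColumn is a hypothetical stand-in for MSql.column, and its allowed character set, the users table and the sample inputs are assumptions made for illustration.

```java
import java.sql.SQLException;
import java.util.regex.Pattern;

// Added example, not mhus-lib code. checkedColumn() is a hypothetical stand-in
// for MSql.column(String); its allowed character set is an assumption.
public class ColumnNameDemo {

    // Assumed rule: letter or underscore first, then letters, digits, underscores.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    static String checkedColumn(String name) throws SQLException {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new SQLException("illegal column name: " + name);
        }
        return name; // returned unchanged so the call can sit inline in a query string
    }

    // Identifiers cannot be bound as '?' parameters, so the sort column is
    // validated and concatenated; the value stays a placeholder to be bound
    // later with PreparedStatement.setString(1, ...).
    static String buildQuery(String sortColumn) throws SQLException {
        return "SELECT id, name FROM users WHERE name = ? ORDER BY " + checkedColumn(sortColumn);
    }

    public static void main(String[] args) {
        // Constructed inputs: one ordinary column name, one carrying extra SQL.
        String[] inputs = { "created_at", "name; DROP TABLE users" };
        for (String input : inputs) {
            try {
                System.out.println("accepted: " + buildQuery(input));
            } catch (SQLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```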
-