Java Code Examples for com.mysql.cj.util.StringUtils#stripComments()

The following examples show how to use com.mysql.cj.util.StringUtils#stripComments() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: lams   File: StatementImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks if the given SQL query with the given first non-ws char is a DML
 * statement. Throws an exception if it is.
 * 
 * @param sql
 *            the SQL to check
 * @param firstStatementChar
 *            the UC first non-ws char of the statement
 * 
 * @throws SQLException
 *             if the statement contains DML
 */
protected void checkForDml(String sql, char firstStatementChar) throws SQLException {
    if ((firstStatementChar == 'I') || (firstStatementChar == 'U') || (firstStatementChar == 'D') || (firstStatementChar == 'A')
            || (firstStatementChar == 'C') || (firstStatementChar == 'T') || (firstStatementChar == 'R')) {
        String noCommentSql = StringUtils.stripComments(sql, "'\"", "'\"", true, false, true, true);

        if (StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "INSERT") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "UPDATE")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "DELETE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "DROP")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "CREATE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "ALTER")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "TRUNCATE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "RENAME")) {
            throw SQLError.createSQLException(Messages.getString("Statement.57"), MysqlErrorNumbers.SQL_STATE_ILLEGAL_ARGUMENT, getExceptionInterceptor());
        }
    }
}
 
Example 2
private String extractProcedureName() throws SQLException {
    String sanitizedSql = StringUtils.stripComments(((PreparedQuery<?>) this.query).getOriginalSql(), "`\"'", "`\"'", true, false, true, true);

    // TODO: Do this with less memory allocation
    int endCallIndex = StringUtils.indexOfIgnoreCase(sanitizedSql, "CALL ");
    int offset = 5;

    if (endCallIndex == -1) {
        endCallIndex = StringUtils.indexOfIgnoreCase(sanitizedSql, "SELECT ");
        offset = 7;
    }

    if (endCallIndex != -1) {
        StringBuilder nameBuf = new StringBuilder();

        String trimmedStatement = sanitizedSql.substring(endCallIndex + offset).trim();

        int statementLength = trimmedStatement.length();

        for (int i = 0; i < statementLength; i++) {
            char c = trimmedStatement.charAt(i);

            if (Character.isWhitespace(c) || (c == '(') || (c == '?')) {
                break;
            }
            nameBuf.append(c);

        }

        return nameBuf.toString();
    }

    throw SQLError.createSQLException(Messages.getString("CallableStatement.1"), MysqlErrorNumbers.SQL_STATE_GENERAL_ERROR, getExceptionInterceptor());
}
 
Example 3
/**
 * Checks if the given SQL query with the given first non-ws char is a DML
 * statement. Throws an exception if it is.
 * 
 * @param sql
 *            the SQL to check
 * @param firstStatementChar
 *            the UC first non-ws char of the statement
 * 
 * @throws SQLException
 *             if the statement contains DML
 */
protected void checkForDml(String sql, char firstStatementChar) throws SQLException {
    if ((firstStatementChar == 'I') || (firstStatementChar == 'U') || (firstStatementChar == 'D') || (firstStatementChar == 'A')
            || (firstStatementChar == 'C') || (firstStatementChar == 'T') || (firstStatementChar == 'R')) {
        String noCommentSql = StringUtils.stripComments(sql, "'\"", "'\"", true, false, true, true);

        if (StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "INSERT") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "UPDATE")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "DELETE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "DROP")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "CREATE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "ALTER")
                || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "TRUNCATE") || StringUtils.startsWithIgnoreCaseAndWs(noCommentSql, "RENAME")) {
            throw SQLError.createSQLException(Messages.getString("Statement.57"), MysqlErrorNumbers.SQL_STATE_ILLEGAL_ARGUMENT, getExceptionInterceptor());
        }
    }
}
 
Example 4
private String extractProcedureName() throws SQLException {
    String sanitizedSql = StringUtils.stripComments(((PreparedQuery<?>) this.query).getOriginalSql(), "`\"'", "`\"'", true, false, true, true);

    // TODO: Do this with less memory allocation
    int endCallIndex = StringUtils.indexOfIgnoreCase(sanitizedSql, "CALL ");
    int offset = 5;

    if (endCallIndex == -1) {
        endCallIndex = StringUtils.indexOfIgnoreCase(sanitizedSql, "SELECT ");
        offset = 7;
    }

    if (endCallIndex != -1) {
        StringBuilder nameBuf = new StringBuilder();

        String trimmedStatement = sanitizedSql.substring(endCallIndex + offset).trim();

        int statementLength = trimmedStatement.length();

        for (int i = 0; i < statementLength; i++) {
            char c = trimmedStatement.charAt(i);

            if (Character.isWhitespace(c) || (c == '(') || (c == '?')) {
                break;
            }
            nameBuf.append(c);

        }

        return nameBuf.toString();
    }

    throw SQLError.createSQLException(Messages.getString("CallableStatement.1"), MysqlErrorNumbers.SQL_STATE_GENERAL_ERROR, getExceptionInterceptor());
}