Java Code Examples for org.apache.commons.lang.StringEscapeUtils.escapeSql()

The following are Java code examples showing how to use escapeSql() of the org.apache.commons.lang.StringEscapeUtils class. You can vote up the examples you like; your votes will be used in our system to surface more good examples.
Example 1
Project: lams   File: SurveyUserDAOHibernate.java   View Source Code Vote up 5 votes
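/**
 * Appends a name filter to {@code sqlBuilder}: every whitespace-separated token of
 * {@code searchString} must appear in first_name, last_name or login_name.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text to extend; this method opens the WHERE clause itself,
 *                     so the caller must not already have added one
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // Only the first token opens the WHERE clause; the rest are joined with AND so a
        // multi-word search no longer emits one WHERE clause per word (invalid SQL).
        sqlBuilder.append(i == 0 ? " WHERE (" : " AND (")
            .append("user.first_name LIKE '%").append(escToken)
            .append("%' OR user.last_name LIKE '%").append(escToken)
            .append("%' OR user.login_name LIKE '%").append(escToken)
            .append("%') ");
    }
}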
 
Example 2
Project: lams   File: PeerreviewUserDAOHibernate.java   View Source Code Vote up 5 votes
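/**
 * Appends a name filter to {@code sqlBuilder}: every whitespace-separated token of
 * {@code searchString} must appear in first_name, last_name or login_name.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text to extend
 * @param whereDone    true if the caller already opened a WHERE clause, in which case
 *                     every condition is joined with AND
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder, boolean whereDone) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // WHERE may be emitted at most once: only for the first token, and only when the
        // caller has not opened the clause already. Later tokens are joined with AND.
        sqlBuilder.append(whereDone || i > 0 ? " AND ( " : " WHERE ( ")
            .append("user.first_name LIKE '%").append(escToken)
            .append("%' OR user.last_name LIKE '%").append(escToken)
            .append("%' OR user.login_name LIKE '%").append(escToken)
            .append("%') ");
    }
}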
 
Example 3
Project: lams   File: PeerreviewUserDAOHibernate.java   View Source Code Vote up 5 votes
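/**
 * Returns one {@code [uid, hidden, "first last"]} row per user of the given tool session,
 * optionally filtered by name and paged.
 * <p>
 * Search tokens are bound as named parameters instead of being spliced into the HQL text.
 * StringEscapeUtils.escapeSql, used previously, only doubles single quotes and leaves
 * backslashes alone; binding the pattern sidesteps that limitation. The LIKE wildcards
 * % and _ inside a token still act as wildcards, exactly as before.
 *
 * @param toolSessionId session whose users are listed
 * @param page          zero-based page index, or null for no paging
 * @param size          page size, or null for no paging
 * @param sorting       one of the PeerreviewConstants.SORT_BY_* values; any other value
 *                      leaves the result unordered
 * @param searchString  whitespace-separated name tokens, each of which must match
 *                      firstName, lastName or loginName; may be null or blank
 * @return the matching rows as Object[] triples
 */
@Override
@SuppressWarnings("unchecked")
public List<Object[]> getPagedUsers(Long toolSessionId, Integer page, Integer size, int sorting,
        String searchString) {

    StringBuilder hql = new StringBuilder(
            "SELECT user.uid, user.hidden, CONCAT(user.firstName, ' ', user.lastName) FROM ")
            .append(PeerreviewUser.class.getName())
            .append(" user WHERE user.session.sessionId = :toolSessionId ");

    // One named parameter per token; the values are bound after the query is created.
    String[] tokens = StringUtils.isBlank(searchString) ? new String[0] : searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String param = ":tok" + i;
        hql.append(" AND (user.firstName LIKE ").append(param)
           .append(" OR user.lastName LIKE ").append(param)
           .append(" OR user.loginName LIKE ").append(param).append(") ");
    }

    switch (sorting) {
        case PeerreviewConstants.SORT_BY_NO:
            hql.append(" ORDER BY user.uid");
            break;
        case PeerreviewConstants.SORT_BY_USERNAME_ASC:
            hql.append(" ORDER BY user.firstName ASC");
            break;
        case PeerreviewConstants.SORT_BY_USERNAME_DESC:
            hql.append(" ORDER BY user.firstName DESC");
            break;
        default:
            // Unknown sort codes deliberately leave the result unordered, as before.
            break;
    }

    Query query = getSession().createQuery(hql.toString())
            .setLong("toolSessionId", toolSessionId);
    for (int i = 0; i < tokens.length; i++) {
        // The surrounding % are part of the bound value, so the token itself is never
        // interpreted as SQL text.
        query.setParameter("tok" + i, "%" + tokens[i] + "%");
    }
    if (page != null && size != null) {
        query.setFirstResult(page * size).setMaxResults(size);
    }
    return (List<Object[]>) query.list();
}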
 
Example 4
Project: lams   File: DacoUserDAOHibernate.java   View Source Code Vote up 5 votes
/**
 * Extends {@code queryText} with one {@code AND (...)} clause per whitespace-separated
 * token of {@code searchString}; each token must match first_name, last_name or
 * login_name. A blank search string leaves the builder untouched.
 * <p>
 * Tokens are inlined after StringEscapeUtils.escapeSql, which only doubles single
 * quotes — backslashes and the LIKE wildcards % and _ are passed through as-is. A bound
 * query parameter would be the safer form.
 *
 * @param queryText    query text that already contains a WHERE clause
 * @param searchString raw search text; may be null or blank
 */
private void buildNameSearch(StringBuilder queryText, String searchString) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    for (String token : searchString.trim().split("\\s+")) {
        // Same LIKE pattern for all three columns.
        String pattern = "'%" + StringEscapeUtils.escapeSql(token) + "%'";
        queryText.append(" AND (user.first_name LIKE ").append(pattern)
                 .append(" OR user.last_name LIKE ").append(pattern)
                 .append(" OR user.login_name LIKE ").append(pattern)
                 .append(")");
    }
}
 
Example 5
Project: lams   File: VoteUsrAttemptDAO.java   View Source Code Vote up 5 votes
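/**
 * Appends a name filter to {@code sqlBuilder}: every whitespace-separated token of
 * {@code searchString} must appear in fullname or username.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text to extend
 * @param useWhere     true to open the WHERE clause here, false if the caller already
 *                     did and every condition must be joined with AND
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder, boolean useWhere) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // WHERE is emitted once at most (first token, useWhere set); later tokens are
        // joined with AND instead of producing a second WHERE clause.
        sqlBuilder.append(useWhere && i == 0 ? " WHERE " : " AND ")
            .append("(user.fullname LIKE '%").append(escToken)
            .append("%' OR user.username LIKE '%").append(escToken)
            .append("%') ");
    }
}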
 
Example 6
Project: lams   File: VoteUsrAttemptDAO.java   View Source Code Vote up 5 votes
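/**
 * Appends either a vote-text filter or a user-name filter to {@code sqlBuilder}.
 * <p>
 * When {@code searchStringVote} is non-blank, each of its whitespace-separated tokens
 * must appear in userEntry and {@code searchStringUsername} is ignored; otherwise the
 * user-name filter is delegated to {@link #buildNameSearch(String, StringBuilder, boolean)}
 * with the WHERE clause still to be opened.
 * <p>
 * Vote tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchStringVote     raw vote search text; may be null or blank
 * @param searchStringUsername raw user-name search text; may be null or blank
 * @param sqlBuilder           query text to extend; this method opens the WHERE clause
 */
private void buildCombinedSearch(String searchStringVote, String searchStringUsername, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchStringVote)) {
        buildNameSearch(searchStringUsername, sqlBuilder, true);
        return;
    }
    String[] tokens = searchStringVote.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // Only the first token opens the WHERE clause; further tokens are joined with AND
        // so a multi-word search no longer emits one WHERE clause per word.
        sqlBuilder.append(i == 0 ? " WHERE (" : " AND (")
            .append("userEntry LIKE '%").append(escToken).append("%') ");
    }
}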
 
Example 7
Project: lams   File: ForumUserDao.java   View Source Code Vote up 5 votes
/**
 * Extends {@code queryText} with one {@code AND (...)} clause per whitespace-separated
 * token of {@code searchString}; each token must match first_name, last_name or
 * login_name. A blank search string leaves the builder untouched.
 * <p>
 * Tokens are inlined after StringEscapeUtils.escapeSql, which only doubles single
 * quotes — backslashes and the LIKE wildcards % and _ are passed through as-is. A bound
 * query parameter would be the safer form.
 *
 * @param queryText    query text that already contains a WHERE clause
 * @param searchString raw search text; may be null or blank
 */
private void buildNameSearch(StringBuilder queryText, String searchString) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    for (String token : searchString.trim().split("\\s+")) {
        // Same LIKE pattern for all three columns.
        String pattern = "'%" + StringEscapeUtils.escapeSql(token) + "%'";
        queryText.append(" AND (user.first_name LIKE ").append(pattern)
                 .append(" OR user.last_name LIKE ").append(pattern)
                 .append(" OR user.login_name LIKE ").append(pattern)
                 .append(")");
    }
}
 
Example 8
Project: lams   File: NotebookUserDAO.java   View Source Code Vote up 5 votes
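/**
 * Appends a name filter to {@code sqlBuilder}: every whitespace-separated token of
 * {@code searchString} must appear in first_name, last_name or login_name.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text to extend; this method opens the WHERE clause itself,
 *                     so the caller must not already have added one
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // Only the first token opens the WHERE clause; the rest are joined with AND so a
        // multi-word search no longer emits one WHERE clause per word (invalid SQL).
        sqlBuilder.append(i == 0 ? " WHERE (" : " AND (")
            .append("user.first_name LIKE '%").append(escToken)
            .append("%' OR user.last_name LIKE '%").append(escToken)
            .append("%' OR user.login_name LIKE '%").append(escToken)
            .append("%') ");
    }
}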
 
Example 9
Project: lams   File: GmapUserDAO.java   View Source Code Vote up 5 votes
/**
 * Extends {@code sqlBuilder} with one {@code AND (...)} clause per whitespace-separated
 * token of {@code searchString}; each token must match first_name, last_name or
 * login_name. A blank search string leaves the builder untouched.
 * <p>
 * Tokens are inlined after StringEscapeUtils.escapeSql, which only doubles single
 * quotes — backslashes and the LIKE wildcards % and _ are passed through as-is. A bound
 * query parameter would be the safer form.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text that already contains a WHERE clause
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    for (String token : searchString.trim().split("\\s+")) {
        // Same LIKE pattern for all three columns.
        String pattern = "'%" + StringEscapeUtils.escapeSql(token) + "%'";
        sqlBuilder.append(" AND (user.first_name LIKE ").append(pattern)
                  .append(" OR user.last_name LIKE ").append(pattern)
                  .append(" OR user.login_name LIKE ").append(pattern)
                  .append(") ");
    }
}
 
Example 10
Project: lams   File: QaUsrRespDAO.java   View Source Code Vote up 5 votes
/**
 * Builds the name-filter fragment for a user alias, or returns null when
 * {@code searchString} is blank.
 * <p>
 * Each whitespace-separated token becomes an {@code AND (<userRef>.fullname LIKE '%tok%'
 * OR <userRef>.username LIKE '%tok%')} clause. Tokens are inlined after
 * StringEscapeUtils.escapeSql, which only doubles single quotes — backslashes and the
 * LIKE wildcards % and _ are passed through as-is, so a bound parameter would be the
 * safer form. {@code userRef} is concatenated unescaped; presumably it is a code-supplied
 * alias and never user input — verify at the call sites.
 *
 * @param searchString raw search text; may be null or blank
 * @param userRef      alias of the user entity in the enclosing query
 * @return the filter fragment, or null if there is nothing to filter on
 */
private String buildNameSearch(String searchString, String userRef) {
    if (StringUtils.isBlank(searchString)) {
        return null;
    }
    StringBuilder fragment = new StringBuilder("");
    for (String token : searchString.trim().split("\\s+")) {
        // Same LIKE pattern for both columns.
        String pattern = "'%" + StringEscapeUtils.escapeSql(token) + "%'";
        fragment.append(" AND (").append(userRef).append(".fullname LIKE ").append(pattern)
                .append(" OR ").append(userRef).append(".username LIKE ").append(pattern)
                .append(") ");
    }
    return fragment.toString();
}
 
Example 11
Project: lams   File: QaQueUsrDAO.java   View Source Code Vote up 5 votes
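/**
 * Appends a name filter to {@code queryText}: every whitespace-separated token of
 * {@code searchString} must appear in fullname or username.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param queryText    query text to extend; this method opens the WHERE clause itself,
 *                     so the caller must not already have added one
 * @param searchString raw search text; may be null or blank
 */
private void buildNameSearch(StringBuilder queryText, String searchString) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // Only the first token opens the WHERE clause; the rest are joined with AND so a
        // multi-word search no longer emits one WHERE clause per word (invalid SQL).
        queryText.append(i == 0 ? " WHERE (" : " AND (")
            .append("fullname LIKE '%").append(escToken)
            .append("%' OR username LIKE '%").append(escToken)
            .append("%') ");
    }
}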
 
Example 12
Project: lams   File: SubmitUserDAO.java   View Source Code Vote up 5 votes
/**
 * Extends {@code sqlBuilder} with one {@code AND (...)} clause per whitespace-separated
 * token of {@code searchString}; each token must match first_name, last_name or
 * login_name. A blank search string leaves the builder untouched.
 * <p>
 * Tokens are inlined after StringEscapeUtils.escapeSql, which only doubles single
 * quotes — backslashes and the LIKE wildcards % and _ are passed through as-is. A bound
 * query parameter would be the safer form.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text that already contains a WHERE clause
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    for (String token : searchString.trim().split("\\s+")) {
        // Same LIKE pattern for all three columns.
        String pattern = "'%" + StringEscapeUtils.escapeSql(token) + "%'";
        sqlBuilder.append(" AND (user.first_name LIKE ").append(pattern)
                  .append(" OR user.last_name LIKE ").append(pattern)
                  .append(" OR user.login_name LIKE ").append(pattern)
                  .append(") ");
    }
}
 
Example 13
Project: lams   File: SpreadsheetUserDAOHibernate.java   View Source Code Vote up 5 votes
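/**
 * Appends a name filter to {@code sqlBuilder}: every whitespace-separated token of
 * {@code searchString} must appear in first_name, last_name or login_name.
 * Does nothing when the search string is blank.
 * <p>
 * The tokens are spliced into the query text. StringEscapeUtils.escapeSql only doubles
 * single quotes; it leaves backslashes and the LIKE wildcards % and _ untouched, so
 * binding each token as a query parameter would be the safer construction.
 *
 * @param searchString raw search text; may be null or blank
 * @param sqlBuilder   query text to extend; this method opens the WHERE clause itself,
 *                     so the caller must not already have added one
 */
private void buildNameSearch(String searchString, StringBuilder sqlBuilder) {
    if (StringUtils.isBlank(searchString)) {
        return;
    }
    String[] tokens = searchString.trim().split("\\s+");
    for (int i = 0; i < tokens.length; i++) {
        String escToken = StringEscapeUtils.escapeSql(tokens[i]);
        // Only the first token opens the WHERE clause; the rest are joined with AND so a
        // multi-word search no longer emits one WHERE clause per word (invalid SQL).
        sqlBuilder.append(i == 0 ? " WHERE (" : " AND (")
            .append("user.first_name LIKE '%").append(escToken)
            .append("%' OR user.last_name LIKE '%").append(escToken)
            .append("%' OR user.login_name LIKE '%").append(escToken)
            .append("%') ");
    }
}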
 
Example 14
Project: ICEWall   File: SqlInjection.java   View Source Code Vote up 4 votes
/**
 * Strips a few SQL-injection-looking fragments from {@code value} and then doubles its
 * single quotes via {@link StringEscapeUtils#escapeSql(String)}.
 * <p>
 * NOTE(review): this is a blacklist, not a defense. The regex removes only a quote
 * followed (on the same value) by {@code --}, the {@code |} character and its URL-encoded
 * form {@code %7C}; escapeSql itself only doubles single quotes and leaves backslashes
 * and LIKE wildcards alone. Callers should bind the value as a query parameter rather
 * than rely on this method.
 *
 * @param value the content to process; must not be null (a null value throws
 *              NullPointerException from {@code replaceAll})
 * @return the stripped, quote-doubled value
 */
public String strip(String value) {
    // Drop the blacklisted fragments first, then escape the remaining single quotes.
    String stripped = value.replaceAll("('.+--)|(\\|)|(%7C)", "");
    return StringEscapeUtils.escapeSql(stripped);
}
 
Example 15
Project: morf   File: NuoDBDialect.java   View Source Code Vote up 4 votes
/**
 * Escapes a string literal for NuoDB.
 * <p>
 * Doubles single quotes via {@link StringEscapeUtils#escapeSql(String)}, then rewrites
 * every remaining {@code \'} sequence so the backslash is produced by {@code TRIM('\ ')}
 * and concatenated with {@code ||}, instead of sitting directly in front of a quote.
 * A null literal is passed through as null by both helpers.
 *
 * @param literalValue the raw literal value
 * @return the escaped literal
 */
@Override
protected String escapeSql(String literalValue) {
    final String quoteDoubled = StringEscapeUtils.escapeSql(literalValue);
    // NuoDB honours the \' escape but offers no \\ escape, so a backslash right before a
    // quote would swallow the quote; splice the backslash in via TRIM('\ ') instead.
    return StringUtils.replace(quoteDoubled, "\\'", "'||TRIM('\\ ')||''");
}
 
Example 16
Project: morf   File: SqlDialect.java   View Source Code Vote up 4 votes
/**
 * Escapes a string literal for use inside single quotes in generated SQL.
 * <p>
 * Delegates to {@link StringEscapeUtils#escapeSql(String)}, which only doubles single
 * quotes; backslashes are left untouched, so dialects that need more can override this.
 *
 * @param literalValue the raw literal value
 * @return the escaped literal
 */
protected String escapeSql(String literalValue) {
    final String escaped = StringEscapeUtils.escapeSql(literalValue);
    return escaped;
}