Package com.ibm.fhir.persistence.jdbc.util

Class SqlParameterEncoder

java.lang.Object

com.ibm.fhir.persistence.jdbc.util.SqlParameterEncoder

public class SqlParameterEncoder
extends Object

Provides custom encoding and escaping functions for use by the JDBCQueryBuilder. Proper encoding/escaping reduces the likelihood of SQL penetration that may happen when called via the REST layer.

Field Summary

Fields

Modifier and Type	Field	Description
static String	DEFAULT_ESCAPE_CHARACTER

Constructor Summary

Constructors

Constructor	Description
SqlParameterEncoder()
SqlParameterEncoder(String escapeCharacter, String blackListCharactersRegex)

Method Summary

Modifier and Type	Method	Description
static String	encode(String parameter)
static String	encode(String parameter, String defaultEscapeCharacter, String blackListCharactersRegex)
String	encodeParameter(String parameter)
String	getEscapeCharacter()

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ESCAPE_CHARACTER

public static final String DEFAULT_ESCAPE_CHARACTER

See Also:

Constant Field Values

Constructor Detail

SqlParameterEncoder

public SqlParameterEncoder()

SqlParameterEncoder

public SqlParameterEncoder(String escapeCharacter,
                           String blackListCharactersRegex)

Method Detail

encodeParameter

public String encodeParameter(String parameter)

getEscapeCharacter

public String getEscapeCharacter()

encode

public static String encode(String parameter)

encode

public static String encode(String parameter,
                            String defaultEscapeCharacter,
                            String blackListCharactersRegex)