Class SqlParameterEncoder
- java.lang.Object
-
- org.linuxforhealth.fhir.persistence.jdbc.util.SqlParameterEncoder
-
public class SqlParameterEncoder extends java.lang.Object
Provides custom encoding and escaping functions for use by the JDBCQueryBuilder. Proper encoding/escaping reduces the likelihood of SQL penetration that may happen when called via the REST layer.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_ESCAPE_CHARACTER
-
Constructor Summary
Constructors Constructor Description SqlParameterEncoder()
SqlParameterEncoder(java.lang.String escapeCharacter, java.lang.String blackListCharactersRegex)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static java.lang.String
encode(java.lang.String parameter)
static java.lang.String
encode(java.lang.String parameter, java.lang.String defaultEscapeCharacter, java.lang.String blackListCharactersRegex)
java.lang.String
encodeParameter(java.lang.String parameter)
java.lang.String
getEscapeCharacter()
-
-
-
Field Detail
-
DEFAULT_ESCAPE_CHARACTER
public static final java.lang.String DEFAULT_ESCAPE_CHARACTER
- See Also:
- Constant Field Values
-
-
Method Detail
-
encodeParameter
public java.lang.String encodeParameter(java.lang.String parameter)
-
getEscapeCharacter
public java.lang.String getEscapeCharacter()
-
encode
public static java.lang.String encode(java.lang.String parameter)
-
encode
public static java.lang.String encode(java.lang.String parameter, java.lang.String defaultEscapeCharacter, java.lang.String blackListCharactersRegex)
-
-