Class SqlParameterEncoder
- java.lang.Object
  - org.linuxforhealth.fhir.persistence.jdbc.util.SqlParameterEncoder

public class SqlParameterEncoder extends java.lang.Object

Provides custom encoding and escaping functions for use by the JDBCQueryBuilder. Proper encoding/escaping reduces the likelihood of SQL injection when the query builder is called via the REST layer.

Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static java.lang.String | DEFAULT_ESCAPE_CHARACTER | |

Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| SqlParameterEncoder() | |
| SqlParameterEncoder(java.lang.String escapeCharacter, java.lang.String blackListCharactersRegex) | |

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static java.lang.String | encode(java.lang.String parameter) | |
| static java.lang.String | encode(java.lang.String parameter, java.lang.String defaultEscapeCharacter, java.lang.String blackListCharactersRegex) | |
| java.lang.String | encodeParameter(java.lang.String parameter) | |
| java.lang.String | getEscapeCharacter() | |

Field Detail
DEFAULT_ESCAPE_CHARACTER
public static final java.lang.String DEFAULT_ESCAPE_CHARACTER
See Also: Constant Field Values

Method Detail
encodeParameter
public java.lang.String encodeParameter(java.lang.String parameter)

getEscapeCharacter
public java.lang.String getEscapeCharacter()

encode
public static java.lang.String encode(java.lang.String parameter)

encode
public static java.lang.String encode(java.lang.String parameter, java.lang.String defaultEscapeCharacter, java.lang.String blackListCharactersRegex)