public class PreparedString extends Object
```java
// escaping for HTML, with a per-parameter Codec for the URL and JavaScript slots
PreparedString div = new PreparedString(
    "<a href=\"http://example.com/?id=@\" onmouseover=\"alert('@')\">test</a>",
    '@', new HTMLEntityCodec() );   // '@' as placeholder: the URL itself contains a literal '?'
div.set( 1, request.getParameter( "url" ), new PercentCodec() );        // URL query value
div.set( 2, request.getParameter( "message" ), new JavaScriptCodec() ); // JavaScript string literal
out.println( div.toString() );

// escaping for SQL
PreparedString query = new PreparedString( "SELECT * FROM users WHERE name='?' AND password='?'", new OracleCodec() );
query.set( 1, request.getParameter( "name" ) );
query.set( 2, request.getParameter( "pass" ) );
stmt.execute( query.toString() );
```
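An added example, not part of the ESAPI Javadoc, showing one untrusted value rendered into three interpreter contexts with the codec matching each slot, and a template whose literal text contains the default placeholder character; the class `ProfileLinkRenderer`, its templates and the sample input are constructed for this illustration.

```java
import org.owasp.esapi.PreparedString;
import org.owasp.esapi.codecs.HTMLEntityCodec;
import org.owasp.esapi.codecs.OracleCodec;
import org.owasp.esapi.codecs.PercentCodec;

// Hypothetical helper written for this example; it is not an ESAPI class.
public class ProfileLinkRenderer {

    // The template text contains a literal '?' (the URL query separator), so the
    // three-argument constructor is used to make '@' the placeholder character.
    // Placeholders are numbered from 1 in the order they appear in the template.
    private static final String LINK_TEMPLATE =
        "<a href=\"/profile?user=@\" title=\"@\">@</a>";

    // The same untrusted user name lands in three contexts; each slot gets the
    // codec for the interpreter that will read it.
    public static String renderLink(String userName) {
        PreparedString link = new PreparedString(LINK_TEMPLATE, '@', new HTMLEntityCodec());
        link.set(1, userName, new PercentCodec()); // URL query value: percent-encoded
        link.set(2, userName);                     // HTML attribute: default HTMLEntityCodec
        link.set(3, userName);                     // HTML element body: default HTMLEntityCodec
        return link.toString();
    }

    // SQL string-literal context: OracleCodec escapes the quote characters that
    // would otherwise terminate the literal.
    public static String renderLookup(String userName) {
        PreparedString query = new PreparedString(
            "SELECT id FROM users WHERE name = '?'", new OracleCodec());
        query.set(1, userName);
        return query.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input containing a quote and angle brackets.
        String userName = "O'Brien <Chief>";
        System.out.println(renderLink(userName));
        System.out.println(renderLookup(userName));
    }
}
```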
| Constructor and Description |
|---|
| `PreparedString(String template, char parameterCharacter, Codec codec)` Create a PreparedString with the supplied template, parameter placeholder character, and Codec. |
| `PreparedString(String template, Codec codec)` Create a PreparedString with the supplied template and Codec. |
| Modifier and Type | Method and Description |
|---|---|
| void | `set(int index, String value)` Set the parameter at index with the supplied value, using the default Codec to escape. |
| void | `set(int index, String value, Codec codec)` Set the parameter at index with the supplied value, using the supplied Codec to escape. |
| String | `toString()` Render the PreparedString by combining the template with the properly escaped parameters. |
public PreparedString(String template, Codec codec)

Parameters:
- template
- codec

public PreparedString(String template, char parameterCharacter, Codec codec)

Parameters:
- template
- parameterCharacter
- codec

public void set(int index, String value)

Parameters:
- index
- value

public void set(int index, String value, Codec codec)

Parameters:
- index
- value
- codec

Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.