* Treiber, Host, User und Passwort, ueber den der Zugriff auf die
* Datenbank erfolgt.
*
- * @version $Revision: 1.21.2.3 $ $Date: 2002/12/10 09:05:07 $
+ * @version $Revision: 1.21.2.4 $ $Date: 2002/12/20 03:01:01 $
* @author $Author: mh $
*
*/
break;
case java.sql.Types.CHAR:case java.sql.Types.VARCHAR:case java.sql.Types.LONGVARCHAR:
outValue = rs.getString(valueIndex);
- //if (outValue != null)
- //outValue = StringUtil.encodeHtml(StringUtil.unquote(outValue));
break;
case java.sql.Types.LONGVARBINARY:
outValue = rs.getString(valueIndex);
- //if (outValue != null)
- //outValue = StringUtil.encodeHtml(StringUtil.unquote(outValue));
break;
case java.sql.Types.TIMESTAMP:
// it's important to use Timestamp here as getting it
}
else {
if (theEntity.hasValueForField(aField)) {
- aValue = "'" + StringUtil.quote((String)theEntity.getValue(aField))
+ aValue = "'" + StringUtil.JDBCescapeStringLiteral((String)theEntity.getValue(aField))
+ "'";
}
}
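Review bot: The new code still assembles the SQL statement by string concatenation, so the fix only holds for as long as the escaping rules inside StringUtil.JDBCescapeStringLiteral match the quoting rules of the driver and database actually in use (backslash treatment, multi-byte charsets); binding the value through a `PreparedStatement` with a `?` placeholder would remove that dependency rather than shift it to the helper. The same concatenation pattern recurs in the `fv.append(...)` branch below, in the `whereClause` of getContentByField, and in both `to_parent_id` branches of the second file, so one note covers them. In getContentByField the escaped value is additionally placed inside a `like lower('%...%')` pattern, where `%` and `_` in aValue keep their wildcard meaning, so a caller-supplied value can still widen the match beyond a literal substring search even though quote characters are now escaped. The enclosing method begins and ends outside this hunk.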
else {
firstField = false;
}
- fv.append(aField).append("='").append(StringUtil.quote((String)theEntity.getValue(aField))).append("'");
+ fv.append(aField).append("='").append(StringUtil.JDBCescapeStringLiteral((String)theEntity.getValue(aField))).append("'");
}
}
}
/*
* ContentObjekt -
*
- * @version $Id: ModuleContent.java,v 1.7.4.3 2002/11/01 05:38:20 mh Exp $
+ * @version $Id: ModuleContent.java,v 1.7.4.4 2002/12/20 03:01:01 mh Exp $
*
* @author RK
*
* $Log: ModuleContent.java,v $
+ * Revision 1.7.4.4 2002/12/20 03:01:01 mh
+ * replace the use of StringUtil.quote(String) with StringUtil.JDBCescapeStringLiteral(String) to better escape single quotes and other JDBC stuff
+ *
* Revision 1.7.4.3 2002/11/01 05:38:20 mh
* Converted media Interface to use streams (Java IO) instead of byte buffers of
* the entire uplaoded files. These saves loads of unecessary memory use. JAI
public EntityList getContentByField(String aField, String aValue, String orderBy, int offset,
EntityUsers user) throws ModuleException
{
- String whereClause = "lower("+aField + ") like lower('%" + StringUtil.quote(aValue) + "%')";
+ String whereClause = "lower("+aField + ") like lower('%" + StringUtil.JDBCescapeStringLiteral(aValue) + "%')";
return getContent(whereClause, orderBy, offset, user);
}
else {
if (theEntityValues.containsKey(aField)) {
if (aField.equals("to_parent_id")) {
- aValue = StringUtil.quote((String)theEntityValues.get(aField));
+ aValue = StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField));
} else {
- aValue = "'" + StringUtil.quote((String)theEntityValues.get(aField)) + "'";
+ aValue = "'" + StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField)) + "'";
}
}
}
firstField = false;
}
if (aField.equals("to_parent_id")) {
- fv.append(aField).append("=").append(StringUtil.quote((String)theEntityValues.get(aField)));
+ fv.append(aField).append("=").append(StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField)));
} else {
- fv.append(aField).append("='").append(StringUtil.quote((String)theEntityValues.get(aField))).append("'");
+ fv.append(aField).append("='").append(StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField))).append("'");
}
}
}
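Review bot: In the `to_parent_id` branches the escaped value is emitted without surrounding quotes (`aValue = StringUtil.JDBCescapeStringLiteral(...)` and the matching `fv.append(aField).append("=")...`), so escaping single quotes does nothing there: whatever the string holds is placed bare into the statement. If to_parent_id is an integer column, which the unquoted form suggests but the hunk does not show, validating the value as a number before use, e.g. `aValue = Integer.toString(Integer.parseInt((String) theEntityValues.get(aField)));`, or binding it as a parameter, would give that branch a real check; the quoted branch beside it is not affected. The enclosing method starts outside this hunk.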