cloud.opencode.base.string.escape.SqlUtil

public final class SqlUtil extends Object

SQL Escape Utility - Provides SQL string escaping methods. SQL转义工具 - 提供SQL字符串转义方法。

Features | 主要功能:

Single-quote escaping for SQL string literals - SQL字符串字面量单引号转义

⚠️ Security Warning | 安全警告:

This utility is a last-resort fallback for legacy code that cannot use parameterized queries. Prefer PreparedStatement with bind parameters for all SQL interactions. This escape covers string literal context only; it must NOT be used to escape SQL identifiers (table/column names) or numeric values.

本工具是无法使用参数化查询的遗留代码的最后手段。所有 SQL 交互请优先使用带绑定参数的 PreparedStatement。本转义仅适用于字符串字面量上下文；禁止用于转义 SQL 标识符（表名/列名）或数值。

Usage Examples | 使用示例:

// PREFERRED: parameterized query | 推荐：参数化查询
PreparedStatement ps = conn.prepareStatement("SELECT * FROM t WHERE name = ?");
ps.setString(1, userInput);

// FALLBACK ONLY: manual escape | 仅作备选：手动转义
String escaped = SqlUtil.escape("O'Brien"); // "O''Brien"

Security | 安全性:

Thread-safe: Yes (stateless utility) - 线程安全: 是（无状态工具类）
Null-safe: Yes - 空值安全: 是

Performance | 性能特性:

Time complexity: O(n) where n = string length - O(n), n为字符串长度
Space complexity: O(n) for escaped output - 转义输出 O(n)

Since:

JDK 25, opencode-base-string V1.0.0

Author:

Leon Soo www.LeonSoo.com

See Also:

Method Summary

Modifier and Type

Method

Description

static String

escape(String str)

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- escape
  
  public static String escape(String str)

Class SqlUtil

Method Summary

Methods inherited from class Object

Method Details

escape