org.owasp.esapi.codecs
Class OracleCodec
java.lang.Object
org.owasp.esapi.codecs.Codec
org.owasp.esapi.codecs.OracleCodec
public class OracleCodec
extends Codec
Implementation of the Codec interface for Oracle strings. This codec only protects against SQL injection when user data is placed within an Oracle quoted string, such as:
select * from table where user_name=' USERDATA ';
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Jim Manico ([email protected]) Manico.net
- See Also:
- how-to-escape-single-quotes-in-strings,
Encoder
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
OracleCodec
public OracleCodec()
encodeCharacter
public String encodeCharacter(char[] immune, Character c)
- Default implementation that should be overridden in specific codecs.
Encodes ' to ''
- Overrides:
encodeCharacter in class Codec
- Parameters:
immune
c - the Character to encode
- Returns:
the encoded Character
decodeCharacter
public Character decodeCharacter(PushbackString input)
- Returns the decoded version of the next character from the input string and advances the
current character in the PushbackString. If the current character is not encoded, this
method MUST reset the PushbackString.
Returns the decoded version of the character starting at index, or null if no decoding is possible.
Legal encoded formats:
'' decodes to '
- Overrides:
decodeCharacter in class Codec
- Parameters:
input - the Character to decode
- Returns:
the decoded Character
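The quoted-string restriction from the class description, shown as an added example (not ESAPI's own code). It calls the inherited Codec.encode(char[], String) and Codec.decode(String) methods, which are not listed on this page; the table and column names and the sample inputs are constructed, and the ESAPI jar is assumed to be on the classpath.

```java
import org.owasp.esapi.codecs.OracleCodec;

public class OracleCodecContextDemo {
    // Empty immune list: every character is passed to encodeCharacter.
    private static final char[] NO_IMMUNE = new char[0];
    private static final OracleCodec CODEC = new OracleCodec();

    // Doubles each single quote so the value cannot end the string literal.
    static String encodeForOracleString(String userData) {
        return CODEC.encode(NO_IMMUNE, userData);
    }

    public static void main(String[] args) {
        // Constructed inputs; table and column names are hypothetical.
        String name = "O'Brien";
        String id = "1 or 1=1";

        // Supported context: the encoded value sits between single quotes.
        String quoted = "select * from users where user_name='"
                + encodeForOracleString(name) + "'";
        System.out.println("quoted context:   " + quoted);

        // Unsupported context: no surrounding quotes. The input contains no
        // single quote, so the codec returns it unchanged and it is parsed
        // as SQL rather than as data.
        String unquoted = "select * from users where user_id="
                + encodeForOracleString(id);
        System.out.println("unquoted context: " + unquoted);
        System.out.println("input unchanged:  "
                + id.equals(encodeForOracleString(id)));

        // Decoding reverses the quote doubling.
        System.out.println("round trip:       "
                + name.equals(CODEC.decode(encodeForOracleString(name))));
    }
}
```

For values that are not inside a quoted string, such as numeric columns, use bind variables (java.sql.PreparedStatement) or validate the value as a number rather than relying on this codec.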
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.