java.lang.Object com.stc.connector.framework.util.StringHelper
Utilities for String formatting, manipulation, and queries.
Constructor Summary
StringHelper()
Method Summary
static java.lang.String escapeHTML(java.lang.String s)
Replaces characters that may be confused by a HTML parser with their equivalent character entity references.
static java.lang.String escapeJavaLiteral(java.lang.String s)
Replaces characters that are not allowed in a Java style string literal with their escape characters.
static java.lang.String escapeSQL(java.lang.String s)
Replaces characters that may be confused by an SQL parser with their equivalent escape characters.
static java.lang.String midpad(java.lang.String s, int length)
Pad the beginning and end of the given String with spaces until the String is of the given length.
static java.lang.String midpad(java.lang.String s, int length, char c)
Pad the beginning and end of the given String with the given character until the result is the desired length.
static java.lang.String postpad(java.lang.String s, int length)
Pad the end of the given String with spaces until the String is of the given length.
static java.lang.String postpad(java.lang.String s, int length, char c)
Append the given character to the String until the result is the desired length.
static java.lang.String prepad(java.lang.String s, int length)
Pad the beginning of the given String with spaces until the String is of the given length.
static java.lang.String prepad(java.lang.String s, int length, char c)
Pre-pend the given character to the String until the result is the desired length.
static java.lang.String replace(java.lang.String s, java.lang.String find, java.lang.String replace)
Replace occurrences of a substring.
static java.lang.String[] split(java.lang.String s, java.lang.String delimiter)
Split the given String into tokens.
static java.lang.String trim(java.lang.String s, java.lang.String c)
Trim any of the characters contained in the second string from the beginning and end of the first.
static java.lang.String unescapeHTML(java.lang.String s)
Turn any HTML escape entities in the string into characters and return the resulting string.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public StringHelper()
Method Detail
public static java.lang.String prepad(java.lang.String s, int length)
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
public static java.lang.String prepad(java.lang.String s, int length, char c)
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
c - padding character.
public static java.lang.String postpad(java.lang.String s, int length)
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
public static java.lang.String postpad(java.lang.String s, int length, char c)
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
c - padding character.
public static java.lang.String midpad(java.lang.String s, int length)
If the number of characters to pad is even, then the padding will be split evenly between the beginning and end; otherwise, the extra character will be added to the end.
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
public static java.lang.String midpad(java.lang.String s, int length, char c)
If the number of characters to pad is even, then the padding will be split evenly between the beginning and end; otherwise, the extra character will be added to the end.
If a String is longer than the desired length, it will not be truncated; however, no padding will be added.
s - String to be padded.
length - desired length of result.
c - padding character.
public static java.lang.String[] split(java.lang.String s, java.lang.String delimiter)
This method is meant to be similar to the split function in other programming languages but it does not use regular expressions. Rather the String is split on a single String literal.
Unlike java.util.StringTokenizer which accepts multiple character tokens as delimiters, the delimiter here is a single String literal.
Each null token is returned as an empty String. Delimiters are never returned as tokens.
If there is no delimiter because it is either empty or null, the only element in the result is the original String.
StringHelper.split("1-2-3", "-");
result: {"1", "2", "3"}
StringHelper.split("-1--2-", "-");
result: {"", "1", "", "2", ""}
StringHelper.split("123", "");
result: {"123"}
StringHelper.split("1-2---3----4", "--");
result: {"1-2", "-3", "", "4"}
s - String to be split.
delimiter - String literal on which to split.
public static java.lang.String replace(java.lang.String s, java.lang.String find, java.lang.String replace)
s - String to be modified.
find - String to find.
replace - String to replace.
public static java.lang.String escapeHTML(java.lang.String s)
Any data that will appear as text on a web page should be escaped. This is especially important for data that comes from untrusted sources such as Internet users. A common mistake in CGI programming is to ask a user for data and then put that data on a web page. For example:
Server: What is your name?
User: <b>Joe<b>
Server: Hello Joe, Welcome
If the name is put on the page without checking that it doesn't contain HTML code or without sanitizing that HTML code, the user could reformat the page, insert scripts, and control the content on your web server.
This method will replace HTML characters such as > with their HTML entity reference (&gt;) so that the HTML parser will be sure to interpret them as plain text rather than HTML or script.
This method should be used for both data to be displayed in text in the HTML document, and data put in form elements. For example:
<html><body>This is not a &lt;tag&gt; in HTML</body></html>
and
<form><input type="hidden" name="date" value="This data could be &quot;malicious&quot;"></form>
In the second example, the form data would properly be resubmitted to your CGI script in the URLEncoded format:
This data could be %22malicious%22
s - String to be escaped
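The welcome-page and hidden-field cases described above, as an added example that is not part of the StringHelper source. The class `HtmlEscapeDemo` and its `escape` method are hypothetical stand-ins, and the set of five characters it replaces is an assumption, since the page does not list which characters `escapeHTML` handles.

```java
public class HtmlEscapeDemo {
    // Hypothetical stand-in for an HTML escaper (assumption: not StringHelper's code).
    // Works one character at a time, so the '&' it emits is never escaped again.
    static String escape(String s) {
        if (s == null) return null;
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // needed inside value="..."
                case '\'': out.append("&#39;");  break; // needed inside value='...'
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    // Text context: the name from the dialogue placed in the page body.
    static String greeting(String name, boolean escaped) {
        return "Hello " + (escaped ? escape(name) : name) + ", Welcome";
    }

    // Attribute context: the value must sit inside a quoted attribute;
    // escaping does not protect an unquoted attribute.
    static String hiddenField(String value, boolean escaped) {
        return "<input type=\"hidden\" name=\"date\" value=\""
                + (escaped ? escape(value) : value) + "\">";
    }

    public static void main(String[] args) {
        String name = "<b>Joe<b>";                        // input from the dialogue above
        String date = "This data could be \"malicious\""; // form value from the page's example

        System.out.println(greeting(name, false));    // markup reaches the parser as markup
        System.out.println(greeting(name, true));     // same data, rendered as text
        System.out.println(hiddenField(date, false)); // first inner quote ends the attribute early
        System.out.println(hiddenField(date, true));  // quotes stay inside the value
    }
}
```

Escaping of this kind covers element text and quoted attribute values only; data placed inside a script block, a URL or a style needs the encoding of that context instead.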
public static java.lang.String escapeSQL(java.lang.String s)
Any data that will be put in an SQL query should be escaped. This is especially important for data that comes from untrusted sources such as Internet users.
For example, if you had the following SQL query:
"SELECT * FROM addresses WHERE name='" + name + "' AND private='N'"
Without this function a user could give "' OR 1=1 OR ''='" as their name, causing the query to be:
"SELECT * FROM addresses WHERE name='' OR 1=1 OR ''='' AND private='N'"
which will give all addresses, including private ones.
Correct usage would be:
"SELECT * FROM addresses WHERE name='" + StringHelper.escapeSQL(name) + "' AND private='N'"
Another way to avoid this problem is to use a PreparedStatement with appropriate placeholders.
s - String to be escaped
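The PreparedStatement alternative mentioned above, next to the concatenated query it replaces, as an added example that is not code from StringHelper or its project. The class `AddressLookup`, its method names and the `address` column are assumptions; the table name, the `name` and `private` columns and the sample input come from the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class AddressLookup {
    // The 'before' form from the text: the name becomes part of the SQL text,
    // so quote characters in it change the structure of the query.
    static String concatenated(String name) {
        return "SELECT * FROM addresses WHERE name='" + name + "' AND private='N'";
    }

    // PreparedStatement form: the SQL text is fixed at prepare time and the
    // name is sent as a bound value, so it is only ever compared as data.
    // Assumption: the table has a column called "address".
    static List<String> publicAddresses(Connection conn, String name) throws SQLException {
        String sql = "SELECT address FROM addresses WHERE name = ? AND private = 'N'";
        List<String> found = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name); // placeholder index is 1-based
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    found.add(rs.getString("address"));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // No database is needed to see the structural change in the 'before' form.
        String ordinary = "Joe";
        String hostile = "' OR 1=1 OR ''='"; // the input quoted in the text above
        System.out.println(concatenated(ordinary));
        System.out.println(concatenated(hostile)); // the private='N' filter no longer restricts rows
        // With publicAddresses(conn, hostile) the same input matches only a row
        // whose name column literally equals that string.
    }
}
```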
public static java.lang.String escapeJavaLiteral(java.lang.String s)
s - String to be escaped
public static java.lang.String trim(java.lang.String s, java.lang.String c)
s - String to be trimmed.
c - list of characters to trim from s.
public static java.lang.String unescapeHTML(java.lang.String s)
s - String to be unescaped.