diff --git a/src/java/org/apache/commons/lang/StringEscapeUtils.java b/src/java/org/apache/commons/lang/StringEscapeUtils.java
index 28e3db8ee..5329477a7 100644
--- a/src/java/org/apache/commons/lang/StringEscapeUtils.java
+++ b/src/java/org/apache/commons/lang/StringEscapeUtils.java
@@ -60,7 +60,7 @@ import org.apache.commons.lang.exception.NestableRuntimeException;
 /**
- *
Escapes and unescapes String
s for Java, Java Script, HTML, and XML.
+ *
Escapes and unescapes String
s for Java, Java Script, HTML, XML, and SQL.
*
*
Originally from
 * Turbine and the
@@ -75,7 +75,7 @@
 * @author Sean Brown
 * @author Gary Gregory
 * @since 2.0
- * @version $Id: StringEscapeUtils.java,v 1.14 2003/07/05 19:04:31 bayard Exp $
+ * @version $Id: StringEscapeUtils.java,v 1.15 2003/07/05 23:37:30 alex Exp $
 */
 public class StringEscapeUtils {
@@ -427,8 +427,8 @@ public static String escapeHtml(String str) {
 *
Unescapes a string containing entity escapes to a string * containing the actual Unicode characters corresponding to the * escapes. Supports HTML 4.0 entities.
- *For example, the string "<Françla;ais>"
- * will become "
For example, the string "<Français>" + * will become "<Français>"
*If an entity is unrecognized, it is left alone, and inserted * verbatim into the result string. e.g. ">&zzzz;x" will * become ">&zzzz;x".
@@ -480,11 +480,13 @@ public static String unescapeXml(String str) {
 /**
 * Escapes the characters in aString
to be suitable to pass to
* an SQL query. For example,
- * statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's Navy") + "'");
- * Presently, this method only turns single-quotes into doubled single-quotes.
+ * statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +
+ * StringEscapeUtils.escapeSql("McHale's Navy") +
+ * "'");
+ * At present, this method only turns single-quotes into doubled single-quotes (
"McHale's Navy"
=> "McHale''s Navy"
).
* It does not handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
* see http://www.jguru.com/faq/view.jsp?EID=8881
- * @param s
+ * @param s the string to escape
* @return A new String, escaped for SQL
*/
public static String escapeSql(String s)
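Review bot: The Javadoc example for escapeSql still shows the query being built by string concatenation, and the reworded text never says that doubling single quotes is the only protection the caller gets. Quote-doubling does not help when the value lands in a numeric or identifier position, and some databases also treat backslash as an escape character inside string literals, so code copied from this example can stay open to SQL injection. I would add a sentence such as `Prefer java.sql.PreparedStatement with bind parameters; use this method only where parameter binding is not available.` directly after the LIKE-clause caveat. The new `@param s the string to escape` could also state whether null is accepted, which cannot be checked here because only the signature of escapeSql is inside the hunk and its body starts after the last line.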