Hello,
I have this string: "\"Blah \'Blah\' Blah\"". There is another string inside it. How do I convert that into: Blah 'Blah' Blah? (you see, unescaping the string.) This is because I get a SQL Where query:

WHERE blah="Blah \'Blah\' Blah"

When I parse this, I get the string above (still inside quotes and escaped.) How would I extract that, un-escaping the string? Or is there some much easier way to do this? Thanks,
Isaac

A: 
"\"Blah \'Blah\' Blah\"".replaceAll("\"", "")
dfa
If the string was "\"Blah \\"Blah\\" Blah\"", it would come out wrong: Blah \Blah\ Blah.
Isaac Waller
A: 

Put the string in a property file; Java supports XML property files and the quote character does not need to be escaped in XML.

Use the loadFromXML(InputStream in) method of the Properties class.

You can then use the MessageFormat class to interpolate values into the String if needed.

BeWarned
A: 

This should be about right. This assumes that if it starts with a quote, it ends with a quote.

// Strip the first and last character (the surrounding quotes).
if (val.startsWith("\"") || val.startsWith("\'")) 
   val = val.substring(1, val.length() - 1);

You may wish to add val = val.trim(); as well.

altCognito
+15  A: 

DO NOT DO THIS.

Follow the proper steps for parametrization of a query on your Database/Platform, and you won't have to escape anything. You also will protect yourself from injection vulnerabilities.

FlySwat
+1, but how will I hack the site. ;(
altCognito
No, you see, I am not the one who creates the SQL query, it is my job to parse it. I have a SQL interface to a web service, and I have the parametrization part done, but for those people who don't like that, and do it the bad way, I have to support it. I guess I could just throw an exception, but I would like to fully support it.
Isaac Waller
Then your web service interface is broken. It should take the query and the query's parameters as separate items.
FlySwat
It does! That is the preferred way! But, to fully support SQL, I must support the strings directly in the query. It is bad, I agree, but I must.
Isaac Waller
Or, I might just throw an exception when somebody tries to do it that way...
Isaac Waller
I'd do that. Force the consumers to use your service properly.
FlySwat
I'd have to agree with this answer and encourage you to reject the request.
Software Monkey
If you need to parse SQL, create a "real" parser and lexer, decoding the string one character at a time, into tokens and then create a syntax tree.
robinr
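
The character-at-a-time decoding suggested in the last comment, as an added example that is not part of the original thread: it unescapes one quoted literal and rejects malformed input instead of guessing. The class and method names are hypothetical, and it assumes the only legal escapes are the ones shown on this page (\' \" and \\).

```java
public class SqlStringLiteral {

    // Decodes one quoted literal (hypothetical helper). Assumption: only the
    // escapes seen in this thread are legal: \' \" and \\. Anything else is rejected.
    static String decode(String literal) {
        if (literal.length() < 2 || (literal.charAt(0) != '"' && literal.charAt(0) != '\'')) {
            throw new IllegalArgumentException("not a quoted literal");
        }
        char quote = literal.charAt(0);
        StringBuilder out = new StringBuilder();
        int i = 1;
        while (i < literal.length()) {
            char c = literal.charAt(i++);
            if (c == '\\') {
                if (i == literal.length()) {
                    throw new IllegalArgumentException("dangling backslash");
                }
                char escaped = literal.charAt(i++);
                if (escaped != '\'' && escaped != '"' && escaped != '\\') {
                    throw new IllegalArgumentException("unsupported escape \\" + escaped);
                }
                out.append(escaped);
            } else if (c == quote) {
                // An unescaped quote must be the final character of the literal.
                if (i != literal.length()) {
                    throw new IllegalArgumentException("text after closing quote at index " + i);
                }
                return out.toString();
            } else {
                out.append(c);
            }
        }
        throw new IllegalArgumentException("unterminated literal");
    }

    public static void main(String[] args) {
        // Constructed samples: the two literals discussed above, then two malformed ones.
        String[] samples = {
            "\"Blah \\'Blah\\' Blah\"", "\"Blah \\\"Blah\\\" Blah\"",
            "\"Blah\\\"", "\"Blah\" trailing"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + decode(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Once decoded, the value should be bound with PreparedStatement.setString rather than concatenated back into SQL text.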