
Untitled

a guest Apr 16th, 2018 62 Never
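  // Quote the table name as a SQL identifier, using the quote string reported by
  // the JDBC driver. `conn` and `tablename` come from surrounding code that is
  // not shown here.
  java.sql.DatabaseMetaData md = conn.getMetaData();
  String q = md.getIdentifierQuoteString();
  // JDBC specifies that getIdentifierQuoteString() returns a single space when
  // the database does not support quoted identifiers. Wrapping the name in
  // spaces would leave it unquoted, so refuse to build the statement instead.
  if (q == null || q.trim().isEmpty()) {
    throw new IllegalStateException("Driver does not support quoted identifiers");
  }
  String sql = "SELECT MAX(AGE) FROM %s%s%s";
  // Double every embedded quote so the name cannot close the quoted identifier.
  // String.replace is literal; replaceAll would interpret q as a regular
  // expression and q + q as a replacement pattern.
  sql = String.format(sql, q, tablename.replace(q, q + q), q);
  // Example: with q = " and tablename = table"name the statement becomes
  //   SELECT MAX(AGE) FROM "table""name"
  // Quoting only keeps the value in identifier position; it does not limit
  // which table the caller is able to name.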
  7.    
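  // Allow-list: user-friendly table name maps to actual, ugly table name.
  // Declared with type arguments; with the raw HashMap type, get() returns
  // Object and the assignment to tablename below would need a cast.
  HashMap<String, String> h = new HashMap<>();
  h.put("accounts", "tbl_accounts123");

  userTablename = ... /* user input */
  // One lookup decides both validity and the real name: a key that is not in
  // the map (including null) yields null and is rejected.
  tablename = h.get(userTablename);
  if (tablename == null) {
    // The rejected input is deliberately not echoed into the message.
    throw new IllegalArgumentException("Unknown table name");
  }
  // Only values written into the map above can reach this point, so the name
  // placed into the statement text is one we wrote ourselves.
  String sql = String.format("SELECT MAX(AGE) FROM %s", tablename);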
  21.    
  // tablename is placed into the statement text verbatim. A table name cannot
  // be supplied as a PreparedStatement bind parameter, so this line is only
  // safe when tablename has been validated before it gets here.
  String sql = String.format("SELECT MAX(AGE) FROM %s", tablename);
  24.    
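  // Strip every character outside [a-zA-Z0-9_]. The backslash is doubled
  // because "\w" is not a valid escape sequence in a Java string literal and
  // does not compile.
  // NOTE(review): stripping alters the name silently; the result can be empty
  // or can name a different existing table. Rejecting input that contains any
  // other character is the stricter check.
  tablename = tablename.replaceAll("[^\\w]", "");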