Class OracleCodec

  • All Implemented Interfaces:
    Codec<java.lang.Character>

    public class OracleCodec
    extends AbstractCharacterCodec
    Implementation of the Codec interface for Oracle strings. This function will only protect you from SQLi when user data is placed within an Oracle quoted string, such as: select * from table where user_name=' USERDATA ';
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Jim Manico (jim@manico.net) Manico.net
    See Also:
    how-to-escape-single-quotes-in-strings, Encoder
    • Constructor Detail

      • OracleCodec

        public OracleCodec()
    • Method Detail

      • decodeCharacter

        public java.lang.Character decodeCharacter​(PushbackSequence<java.lang.Character> input)
        Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Legal formats: '' decodes to '
        Specified by:
        decodeCharacter in interface Codec<java.lang.Character>
        Overrides:
        decodeCharacter in class AbstractCodec<java.lang.Character>
        Parameters:
        input - the Character to decode
        Returns:
        the decoded Character
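
The quote-doubling rule and the quoted-string limitation described above, as an added example that is not part of the ESAPI source or this Javadoc. It is a stand-alone sketch that does not call ESAPI; the class name `OracleQuoteDemo`, its methods, the `user_id` column and the sample values are assumptions made for illustration.

```java
// Added illustration: a stand-alone sketch of the rule documented on this page
// (' encodes to '', '' decodes to '). Hypothetical names; not ESAPI's own code.
public class OracleQuoteDemo {

    // Encode: every ' becomes '' so the value cannot close the surrounding literal.
    static String encode(String input) {
        StringBuilder sb = new StringBuilder();
        for (char c : input.toCharArray()) {
            sb.append(c == '\'' ? "''" : String.valueOf(c));
        }
        return sb.toString();
    }

    // Decode: a '' pair becomes a single '. Any other character, including a
    // lone ', is not an encoded sequence and is copied through unchanged.
    static String decode(String input) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (c == '\'' && i + 1 < input.length() && input.charAt(i + 1) == '\'') {
                i++; // consume the second quote of the pair
            }
            sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, placed INSIDE a quoted string: the context
        // this codec is documented to protect.
        String name = "O'Brien";
        String quoted = "select * from table where user_name='" + encode(name) + "'";
        System.out.println(quoted);
        System.out.println("round trip ok: " + decode(encode(name)).equals(name));

        // Constructed sample value, placed OUTSIDE a quoted string (hypothetical
        // numeric column): it contains no quote, so encoding changes nothing and
        // the value is still parsed as SQL. Bind variables cover this context.
        String id = "0 or 1=1";
        String unquoted = "select * from table where user_id=" + encode(id);
        System.out.println(unquoted);
        System.out.println("unchanged by encoding: " + encode(id).equals(id));
    }
}
```

The second query is the case the class description warns about: with no surrounding quotes there is nothing for the codec to escape, so such values should be passed as bind variables (for example via `java.sql.PreparedStatement`) rather than concatenated.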