escape static method
Escapes special characters in a string before it is interpolated into an SQL query, as a measure against SQL injection.
Currently it only escapes double quotes and single quotes by prefixing each with a backslash. Backslashes and NUL bytes in the input are passed through unchanged (NUL handling is present in the source but commented out), so the method does not yet cover the full set of characters a database's own escaping routine would handle.
input
The string to escape.
Returns the escaped string, intended for use in SQL queries. Because only quotes are handled, it is not a complete escaping routine on its own; where the database driver supports them, parameterized queries remain the more robust option.
Note: This method is marked for improvement (@TODO in the source).
Example:
QVar.escape("Hello 'World'"); // "Hello \\'World\\'"
QVar.escape('Say "Hi"'); // "Say \\"Hi\\""
Implementation

  // @TODO improve this method
  static String escape(String input) {
    // Prefix double quotes with a backslash.
    input = input.replaceAll('"', '\\"');
    // Prefix single quotes with a backslash.
    input = input.replaceAll("'", "\\'");
    // NUL bytes are not yet handled; this line is intentionally still disabled.
    //input = input.replaceAll('\x00', '\\0');
    return input;
  }
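As an added illustration of what the @TODO could grow into (example code written for this page, not part of QVar or its project), the routine below escapes the same character set that MySQL's own escaping function covers, in a single pass so that a backslash already in the input cannot combine with one the routine adds. The function name escapeSql and the comparison helper quotesOnly are hypothetical.

```dart
// Added example, not QVar's code: single-pass escaping for the characters
// MySQL's escaping routine treats specially (NUL, newline, CR, Ctrl-Z,
// quotes and the backslash itself). Raw strings (r'...') keep the
// backslashes literal.
const Map<int, String> _escapes = {
  0x00: r'\0',  // NUL
  0x0A: r'\n',  // newline
  0x0D: r'\r',  // carriage return
  0x1A: r'\Z',  // Ctrl-Z
  0x22: r'\"',  // double quote
  0x27: r"\'",  // single quote
  0x5C: r'\\',  // backslash, must be escaped or it neutralises a later one
};

String escapeSql(String input) {
  final out = StringBuffer();
  // Walk the UTF-16 code units once; every special character is replaced
  // exactly once, so the output never depends on replacement order.
  for (final unit in input.codeUnits) {
    final replacement = _escapes[unit];
    if (replacement != null) {
      out.write(replacement);
    } else {
      out.writeCharCode(unit);
    }
  }
  return out.toString();
}

// Hypothetical helper mirroring the quotes-only behaviour described above,
// included only so the two outputs can be compared side by side.
String quotesOnly(String input) =>
    input.replaceAll('"', '\\"').replaceAll("'", "\\'");

void main() {
  // Constructed sample inputs: a plain quoted string and one that already
  // contains a backslash before the quote.
  const samples = ["Hello 'World'", r"a\'b", 'NUL\x00 and "quotes"'];
  for (final s in samples) {
    print('quotesOnly: ${quotesOnly(s)}');
    print('escapeSql : ${escapeSql(s)}');
  }
}
```

For the second sample the quotes-only variant leaves the original backslash in place, so the quote that follows it is no longer preceded by exactly one escaping backslash, whereas escapeSql doubles the backslash and escapes the quote separately.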