Class SqlBuilder


  • public class SqlBuilder
    extends java.lang.Object
    Extension to StringBuilder for the purposes of creating SQL queries and expressions.

    Using this class helps to prevent SQL injection attacks and incorrectly quoted identifiers and strings. These problems occur when you build SQL by concatenating strings and forget to treat identifiers and string literals correctly. SqlBuilder has special methods for appending identifiers and literals.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.lang.StringBuilder buf  
      private SqlDialect dialect  
    • Constructor Summary

      Constructors 
      Constructor Description
      SqlBuilder​(SqlDialect dialect)
      Creates a SqlBuilder.
      SqlBuilder​(SqlDialect dialect, java.lang.String s)
      Creates a SqlBuilder with a given string.
    • Method Summary

      Modifier and Type Method Description
      SqlBuilder append​(char c)
      Appends a character, without any quoting.
      SqlBuilder append​(long n)
      Appends a number, per StringBuilder.append(long).
      SqlBuilder append​(java.lang.String s)
      Appends a string, without any quoting.
      SqlBuilder append​(SqlString s)
      Appends a hygienic SQL string.
      void clear()
      Clears the contents of the buffer.
      SqlDialect getDialect()
      Returns the dialect.
      java.lang.String getSql()
      Returns the SQL.
      java.lang.String getSqlAndClear()
      Returns the SQL and clears the buffer.
      SqlBuilder identifier​(java.lang.String name)
      Appends an identifier to this buffer, quoting accordingly.
      SqlBuilder identifier​(java.lang.String... names)
      Appends one or more identifiers to this buffer, quoting accordingly.
      SqlBuilder identifier​(java.util.List<java.lang.String> names)
      Appends a compound identifier to this buffer, quoting accordingly.
      int indexOf​(java.lang.String str)
      Returns the index within this string of the first occurrence of the specified substring.
      int indexOf​(java.lang.String str, int fromIndex)
      Returns the index within this string of the first occurrence of the specified substring, starting at the specified index.
      SqlBuilder insert​(int offset, java.lang.String str)
      Inserts the string into this character sequence.
      int length()
      Returns the length (character count).
      SqlBuilder literal​(java.lang.String s)
      Appends a string literal to this buffer.
      SqlBuilder literal​(java.sql.Timestamp timestamp)
      Appends a timestamp literal to this buffer.
      SqlString toSqlString()
      Returns the contents of this SQL buffer as a 'certified kosher' SQL string.
      java.lang.String toString()
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • buf

        private final java.lang.StringBuilder buf
    • Constructor Detail

      • SqlBuilder

        public SqlBuilder​(SqlDialect dialect)
        Creates a SqlBuilder.
        Parameters:
        dialect - Dialect
      • SqlBuilder

        public SqlBuilder​(SqlDialect dialect,
                          java.lang.String s)
        Creates a SqlBuilder with a given string.
        Parameters:
        dialect - Dialect
        s - Initial contents of the buffer
    • Method Detail

      • getDialect

        public SqlDialect getDialect()
        Returns the dialect.
        Returns:
        dialect
      • length

        public int length()
        Returns the length (character count).
        Returns:
        the length of the sequence of characters currently represented by this object
      • clear

        public void clear()
        Clears the contents of the buffer.
      • toString

        public java.lang.String toString()

        Returns the SQL string.

        Overrides:
        toString in class java.lang.Object
        Returns:
        SQL string
        See Also:
        getSql()
      • getSql

        public java.lang.String getSql()
        Returns the SQL.
      • getSqlAndClear

        public java.lang.String getSqlAndClear()
        Returns the SQL and clears the buffer.

        Convenient if you are reusing the same SQL builder in a loop.

      • append

        public SqlBuilder append​(SqlString s)
        Appends a hygienic SQL string.
        Parameters:
        s - SQL string to append
        Returns:
        This builder
      • append

        public SqlBuilder append​(java.lang.String s)
        Appends a string, without any quoting.

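        Calls to this method are dubious: the string is appended verbatim, so identifiers and string literals should go through identifier(...) and literal(...) instead.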

        Parameters:
        s - String to append
        Returns:
        This builder
      • append

        public SqlBuilder append​(char c)
        Appends a character, without any quoting.
        Parameters:
        c - Character to append
        Returns:
        This builder
      • append

        public SqlBuilder append​(long n)
        Appends a number, per StringBuilder.append(long).
      • identifier

        public SqlBuilder identifier​(java.lang.String name)
        Appends an identifier to this buffer, quoting accordingly.
        Parameters:
        name - Identifier
        Returns:
        This builder
      • identifier

        public SqlBuilder identifier​(java.lang.String... names)
        Appends one or more identifiers to this buffer, quoting accordingly.
        Parameters:
        names - Varargs array of identifiers
        Returns:
        This builder
      • identifier

        public SqlBuilder identifier​(java.util.List<java.lang.String> names)
        Appends a compound identifier to this buffer, quoting accordingly.
        Parameters:
        names - Parts of a compound identifier
        Returns:
        This builder
      • toSqlString

        public SqlString toSqlString()
        Returns the contents of this SQL buffer as a 'certified kosher' SQL string.

        Use this method in preference to toString(). It indicates that the SQL string has been constructed using good hygiene, and is therefore less likely to contain SQL injection or badly quoted identifiers or strings.

        Returns:
        Contents of this builder as a SQL string.
      • literal

        public SqlBuilder literal​(java.lang.String s)
        Appends a string literal to this buffer.

        For example, calling literal("can't") would convert the buffer

            SELECT

        to

            SELECT 'can''t'

        Parameters:
        s - String to append
        Returns:
        This buffer
      • literal

        public SqlBuilder literal​(java.sql.Timestamp timestamp)
        Appends a timestamp literal to this buffer.
        Parameters:
        timestamp - Timestamp to append
        Returns:
        This buffer
      • indexOf

        public int indexOf​(java.lang.String str)
        Returns the index within this string of the first occurrence of the specified substring.
        See Also:
        StringBuilder.indexOf(String)
      • indexOf

        public int indexOf​(java.lang.String str,
                           int fromIndex)
        Returns the index within this string of the first occurrence of the specified substring, starting at the specified index.
        See Also:
        StringBuilder.indexOf(String, int)
      • insert

        public SqlBuilder insert​(int offset,
                                 java.lang.String str)
        Inserts the string into this character sequence.
        See Also:
        StringBuilder.insert(int, String)
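
The contrast drawn in the class description and in the toSqlString() note, as an added example (not part of the original Javadoc or the project's own code). The Apache Calcite package names in the imports and the use of AnsiSqlDialect.DEFAULT as the dialect are assumptions; the hr/emp/name/id names and the sample value are constructed.

```java
import org.apache.calcite.sql.SqlDialect;
import org.apache.calcite.sql.dialect.AnsiSqlDialect;
import org.apache.calcite.sql.util.SqlBuilder;
import org.apache.calcite.sql.util.SqlString;

public class SqlBuilderHygieneExample {

  /**
   * Dubious style: every piece goes through append(String), so the table
   * name and the value reach the SQL text without any quoting or escaping.
   */
  static String concatenated(SqlDialect dialect, String table, String name) {
    return new SqlBuilder(dialect)
        .append("SELECT * FROM ").append(table)
        .append(" WHERE name = '").append(name).append("'")
        .getSql();
  }

  /**
   * Hygienic style: only fixed SQL keywords use append(String); identifiers
   * go through identifier(...), the value through literal(...), and the
   * result is returned as a SqlString rather than a plain String.
   */
  static SqlString hygienic(SqlDialect dialect, String schema, String table,
      String name, long minId) {
    return new SqlBuilder(dialect, "SELECT * FROM ")
        .identifier(schema, table)            // compound identifier
        .append(" WHERE ").identifier("name").append(" = ").literal(name)
        .append(" AND ").identifier("id").append(" >= ").append(minId)
        .toSqlString();
  }

  public static void main(String[] args) {
    // Assumption: any SqlDialect works here; the ANSI dialect is one choice.
    SqlDialect dialect = AnsiSqlDialect.DEFAULT;

    // Constructed sample value containing a single quote.
    String name = "O'Brien";

    System.out.println(concatenated(dialect, "emp", name));
    System.out.println(hygienic(dialect, "hr", "emp", name, 100L).getSql());
  }
}
```

In the first statement the apostrophe in the value ends the string literal early; in the second it is carried as a doubled quote, the same treatment shown for literal("can't") above.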