java.lang.Object
- org.owasp.esapi.codecs.AbstractCodec<java.lang.Character>
- - org.owasp.esapi.codecs.AbstractCharacterCodec
  - - org.owasp.esapi.codecs.MySQLCodec

All Implemented Interfaces:: Codec<java.lang.Character>

@Deprecated
public class MySQLCodec
extends AbstractCharacterCodec

Deprecated.

Codec implementation which can be used to escape string literals in MySQL.
Implementation accepts 2 Modes as identified by the OWASP Recommended escaping strategies:

ANSI
Simply encode all ' (single tick) characters with '' (two single ticks)

Standard

   NUL (0x00) --> \0  [This is a zero, not the letter O]
   BS  (0x08) --> \b
   TAB (0x09) --> \t
   LF  (0x0a) --> \n
   CR  (0x0d) --> \r
   SUB (0x1a) --> \Z
   "   (0x22) --> \"
   %   (0x25) --> \%
   '   (0x27) --> \'
   \   (0x5c) --> \\
   _   (0x5f) --> \_ 
   

   all other non-alphanumeric characters with ASCII values less than 256  --> \c
   where 'c' is the original non-alphanumeric character.

Since:: June 1, 2007 MySQL 8.0 String Literals OWASP SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping
Author:: Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class MySQLCodec.Mode
Deprecated.

Specifies the SQL Mode the target MySQL Server is running with.

Field Summary

Fields
Modifier and Type	Field	Description
`static int`	`ANSI_MODE`	Deprecated. Target MySQL Server is running in ANSI_QUOTES Mode
`static int`	`MYSQL_MODE`	Deprecated. Target MySQL Server is running in Standard MySQL (Default) mode.

Constructor Summary

Constructors
Constructor	Description
`MySQLCodec(int mode)`	Deprecated.
`MySQLCodec(MySQLCodec.Mode mode)`	Deprecated. Instantiate the MySQL Codec with the given SQL `MySQLCodec.Mode`.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`java.lang.Character`	`decodeCharacter(PushbackSequence<java.lang.Character> input)`	Deprecated. Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
`java.lang.String`	`encodeCharacter(char[] immune, java.lang.Character c)`	Deprecated. WARNING!!!! Passing a standard char to this method will resolve to the

Methods inherited from class org.owasp.esapi.codecs.AbstractCharacterCodec
decode

Methods inherited from class org.owasp.esapi.codecs.AbstractCodec
containsCharacter, encode, encodeCharacter, encodeCharacter, getHexForNonAlphanumeric, getHexForNonAlphanumeric, toHex, toHex, toOctal

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - MYSQL_MODE
```
public static final int MYSQL_MODE
```
    Deprecated.
    
    Target MySQL Server is running in Standard MySQL (Default) mode.
    
    See Also:
    
    Constant Field Values
  - ANSI_MODE
```
public static final int ANSI_MODE
```
    Deprecated.
    
    Target MySQL Server is running in ANSI_QUOTES Mode
    
    See Also:
    
    https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_ansi_quotes, Constant Field Values
- Constructor Detail
  - MySQLCodec
```
@Deprecated
public MySQLCodec(int mode)
```
    Deprecated.
    
    Instantiate the MySQL codec
    
    Parameters:
    
    mode - Mode has to be one of {MYSQL_MODE|ANSI_MODE} to allow correct encoding
    
    See Also:
    
    MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
  - MySQLCodec
```
public MySQLCodec(MySQLCodec.Mode mode)
```
    Deprecated.
    
    Instantiate the MySQL Codec with the given SQL MySQLCodec.Mode.
    
    Parameters:
    
    mode - The mode the target server is running in
- Method Detail
  - encodeCharacter
```
public java.lang.String encodeCharacter(char[] immune,
                                        java.lang.Character c)
```
    Deprecated.
    
    WARNING!!!! Passing a standard char to this method will resolve to the
    
    Specified by:
    
    encodeCharacter in interface Codec<java.lang.Character>
    
    Overrides:
    
    encodeCharacter in class AbstractCodec<java.lang.Character>
    
    Parameters:
    
    immune - array of chars to NOT encode. Use with caution.
    
    c - the Character to encode
    
    Returns:
    
    the encoded Character
    
    See Also:
    
    method instead of this one!!! YOU HAVE BEEN WARNED!!!!
  - decodeCharacter
```
public java.lang.Character decodeCharacter(PushbackSequence<java.lang.Character> input)
```
    Deprecated.
    
    Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Formats all are legal (case sensitive) In ANSI_MODE '' decodes to ' In MYSQL_MODE \x decodes to x (or a small list of specials)
    
    Specified by:
    
    decodeCharacter in interface Codec<java.lang.Character>
    
    Overrides:
    
    decodeCharacter in class AbstractCodec<java.lang.Character>
    
    Parameters:
    
    input - the Character to decode
    
    Returns:
    
    the decoded Character

Class MySQLCodec

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.owasp.esapi.codecs.AbstractCharacterCodec

Methods inherited from class org.owasp.esapi.codecs.AbstractCodec

Methods inherited from class java.lang.Object

Field Detail

MYSQL_MODE

ANSI_MODE

Constructor Detail

MySQLCodec

MySQLCodec

Method Detail

encodeCharacter

decodeCharacter