Awake SQL v1.2.1

org.awakefw.sql.api.server
Class StatementAnalyser

java.lang.Object
  extended by org.awakefw.sql.api.server.StatementAnalyser

public class StatementAnalyser
extends Object

Class that allows the analysis of the string content of a SQL statement, mainly for security reasons.

Analysis methods include:

Since:
1.0

Constructor Summary
StatementAnalyser(String sql, List<Object> parameterValues)
          Constructor.
 
Method Summary
 Object getFirstParameter()
          Returns the value in string of the first parameter of the parameters list.
 Object getLastParameter()
          Returns the value in string of the last parameter of the parameters list.
 Object getParameter(int index)
          Returns the value, as an object, of the parameter at the given index in the list.
 int getParameterCount()
          Returns the number of parameters in the statement.
 String getSql()
          Returns the string content of the SQL statement.
 String getStatementType()
          Extracts the statement type from a SQL statement.
 String getTableNameFromDmlStatement()
          Returns the table name in use from a DML SQL statement.
 boolean isDcl()
          Says if the statement is a DCL (Data Control Language) statement (GRANT/REVOKE).
 boolean isDdl()
          Says if the statement is a DDL (Data Definition Language) statement (CREATE/ALTER/DROP/TRUNCATE/COMMENT/RENAME).
 boolean isDelete()
          Says if the statement is a DELETE.
 boolean isDml()
          Says if the statement is a DML (Data Manipulation Language) statement (DELETE/INSERT/SELECT/UPDATE).
 boolean isInsert()
          Says if the statement is an INSERT.
 boolean isPreparedStatement()
          Returns true if the statement is a prepared statement with at least one '?' parameter.
 boolean isSelect()
          Says if the statement is a SELECT.
 boolean isUpdate()
          Says if the statement is an UPDATE.
 boolean isWithComments()
          Says if a statement contains SQL comments.
 boolean isWithSemicolons()
          Says if a statement contains semicolons (';') that are not trailing.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

StatementAnalyser

public StatementAnalyser(String sql,
                         List<Object> parameterValues)
Constructor.

Parameters:
sql - the string content of the SQL statement.
parameterValues - the parameter values of a prepared statement in the natural order, empty list for a (non prepared) statement
Method Detail

getFirstParameter

public Object getFirstParameter()
Returns the value in string of the first parameter of the parameters list.

Returns:
the value in string of the first parameter of the parameters list.
Throws:
IndexOutOfBoundsException - if there is no parameter

getLastParameter

public Object getLastParameter()
Returns the value in string of the last parameter of the parameters list.

Returns:
the value in string of the last parameter of the parameters list
Throws:
IndexOutOfBoundsException - if there is no parameter

getParameter

public Object getParameter(int index)
Returns the value, as an object, of the parameter at the given index in the list.

Parameters:
index - index of the parameter as in a list: starts at 0.
Returns:
the value, as an object, of the parameter at the given index.
Throws:
IndexOutOfBoundsException - if the index is out of range (index < 0 || index >= size())

getParameterCount

public int getParameterCount()
Returns the number of parameters in the statement.

Returns:
the number of parameters in the statement

getSql

public String getSql()
Returns the string content of the SQL statement.

Returns:
the string content of the SQL statement

getStatementType

public String getStatementType()
Extracts the statement type from a SQL statement.

Returns:
the statement type: DELETE, INSERT, SELECT, UPDATE, etc...

getTableNameFromDmlStatement

public String getTableNameFromDmlStatement()
                                    throws IllegalArgumentException
Returns the table name in use from a DML SQL statement.

Returns:
the table name in use (the first one in a SELECT statement) for a DML statement. Returns null if statement is not DML.
Throws:
IllegalArgumentException

isDcl

public boolean isDcl()
Says if the statement is a DCL (Data Control Language) statement (GRANT/REVOKE).

Returns:
true if the statement is a DCL statement

isDdl

public boolean isDdl()
Says if the statement is a DDL (Data Definition Language) statement (CREATE/ALTER/DROP/TRUNCATE/COMMENT/RENAME).

Returns:
true if the statement is a DDL statement

isDelete

public boolean isDelete()
Says if the statement is a DELETE.

Returns:
true if the statement is a DELETE

isDml

public boolean isDml()
Says if the statement is a DML (Data Manipulation Language) statement (DELETE/INSERT/SELECT/UPDATE).

Returns:
true if the statement is a DML statement

isInsert

public boolean isInsert()
Says if the statement is an INSERT.

Returns:
true if the statement is an INSERT

isPreparedStatement

public boolean isPreparedStatement()
Returns true if the statement is a prepared statement with at least one '?' parameter.

Returns:
true if the statement is a prepared statement with at least one '?' parameter, else false

isSelect

public boolean isSelect()
Says if the statement is a SELECT.

Returns:
true if the statement is a SELECT

isUpdate

public boolean isUpdate()
Says if the statement is an UPDATE.

Returns:
true if the statement is an UPDATE

isWithComments

public boolean isWithComments()
Says if a statement contains SQL comments.

Returns:
true if the SQL statement contains SQL comments

isWithSemicolons

public boolean isWithSemicolons()
Says if a statement contains semicolons (';') that are not trailing. Use this to prevent attacks that pack multiple statements into a single SQL string.

Returns:
true if the SQL statement contains semicolons (';') that are not trailing
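
Added example (not part of the Awake SQL documentation or code base): one way to combine the analysis methods above into a deny-by-default check run before a client statement is executed. The class name StatementPolicy, the table allowlist, the policy choices and the sample statements are assumptions constructed for illustration; only the StatementAnalyser calls come from this page.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import org.awakefw.sql.api.server.StatementAnalyser;

/** Hypothetical deny-by-default gate built only on the StatementAnalyser methods documented above. */
public class StatementPolicy {

    // Constructed allowlist; replace with the tables remote clients may legitimately touch.
    private static final Set<String> ALLOWED_TABLES =
            new HashSet<String>(Arrays.asList("customer", "orders"));

    /** Returns null when the statement is accepted, otherwise the reason for rejecting it. */
    public static String rejectionReason(String sql, List<Object> parameterValues) {
        StatementAnalyser analyser = new StatementAnalyser(sql, parameterValues);

        if (analyser.isWithSemicolons()) return "non-trailing semicolon (multiple statements)";
        if (analyser.isWithComments()) return "SQL comment in statement";
        if (analyser.isDdl() || analyser.isDcl()) return "DDL/DCL refused: " + analyser.getStatementType();
        if (!analyser.isDml()) return "not a DML statement: " + analyser.getStatementType();
        if (analyser.isDelete()) return "DELETE refused (example policy choice)";
        // Require bound parameters so values do not arrive concatenated into the SQL text.
        if (!analyser.isPreparedStatement()) return "statement has no '?' parameter";

        String table;
        try {
            table = analyser.getTableNameFromDmlStatement();
        } catch (IllegalArgumentException e) {
            return "table name could not be extracted";
        }
        if (table == null || !ALLOWED_TABLES.contains(table.toLowerCase(Locale.ROOT))) {
            return "table not in allowlist: " + table;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample statements.
        List<Object> one = Collections.<Object>singletonList(42);
        List<Object> none = Collections.<Object>emptyList();
        System.out.println(rejectionReason("SELECT name FROM customer WHERE id = ?", one));
        System.out.println(rejectionReason("SELECT name FROM customer; DROP TABLE customer", none));
        System.out.println(rejectionReason("SELECT name FROM customer WHERE id = 1 -- x", none));
    }
}
```

The check works on the statement text only, so the database account behind it should still be limited to the privileges the allowlist implies.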

Awake SQL - Virtual JDBC Driver over HTTP for Android, Swing and JavaFX
Android & Desktop Edition allow easy access to major remote SQL databases with regular JDBC calls:
DB2 - H2 - HSQLDB (HyperSQL) - Informix - Ingres - MySQL - Oracle - PostgreSQL - SQL Server - Sybase - Teradata
Copyright © 2012 Kawan Softwares SAS