开发者

Java safe String.format and escaping %

问答 作者:

I'm using String.format method of Java API to log something. My method is like:

public static void log(String message, Object... params){
    System.out.println(String.format(message, params));
}

However the problem is, if the user sends a message that has % character 开发者_Python百科somewhere in it, it throws exception. Here's a scenario:

log("SELECT * FROM my WHERE name like '%six%'");

and Java looks for something to replace %s (that's ok) and %' (oops). I want to fix that. Because there there are no params and %s will be lost and %' causes exception.

One solution can be message.replace("%", "%%") but I'm not sure it is an elegant solution or not.

log has no idea whether a given % is meant as a format specifier or as a percent sign. Consider the following example:

log("%s%s", "test");

Is that "test%s", "%stest", or an error?

Therefore, the problem will have to be addressed at the call site:

log(escape("SELECT * FROM my WHERE name like '%six%'"));

where escape() is a function you'll need to write that'll replace all % with %%.

Alternatively, the following can be used at the call site:

log("%s", "SELECT * FROM my WHERE name like '%six%'");

A simple solution for the most likely misuse (using %s or % somewhere in the String but providing no parameters) would be to provide a no-params overload to your method in addition to your original method:

public static void log(String message) {
  System.out.println(message);
}

Alternatively you can dynamically try to detect the no-params case, but that's a bit more work:

public static void log(String message, Object... params) {
  final String output;
  if (params == null || params.length = 0) {
    output = message;
  } else {
    output = String.format(message, params);
  }
  System.out.println(output);
}

One option would be to pass the string directly into the println if the length of params is 0. Another options would be to have two overloads.

public static void log(String message);
public static void log(String format, String param, String...params);

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9