Escape value in MSSQL Server with Java

末鹿安然 submitted on 2019-12-25 06:36:34

Question


How can I escape a value for usage in a query to MSSQL Server? I know how it would be possible using JDBC but since I'm using SAP Business One DI API there is no way (I'm aware of) of using prepared statements.

It would be sufficient to know how to escape string values while additionally knowing how to escape identifiers would be nice, too.

Update: After reading New SQL Truncation Attacks And How To Avoid Them it seems sufficient to escape identifiers using [ (and doubling each occurrence of ]) and values using ' (again doubling every occurrence of '). A hint to a library whose concern is correct escaping of MSSQL would be nice nevertheless.

Source: https://stackoverflow.com/questions/23477126/escape-value-in-mssql-server-with-java
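
The quoting rules described in the update above, as an added Java example that is not part of the original question and is not code from SAP's DI API. The class and method names are hypothetical, the table, column and sample values are constructed, and the 128-character check reflects SQL Server's identifier length limit so that an over-long name is rejected rather than cut.

```java
import java.util.List;

/** Added example: quoting helpers for T-SQL text that has to be built by concatenation. */
public final class MssqlQuote {
    // SQL Server identifiers (type sysname) hold at most 128 characters.
    private static final int MAX_IDENTIFIER_LENGTH = 128;

    private MssqlQuote() {}

    /** Wraps a name in [ ] and doubles every ] inside it. */
    public static String identifier(String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("identifier must not be empty");
        }
        if (name.length() > MAX_IDENTIFIER_LENGTH) {
            // Reject instead of truncating: a cut-off quoted name can lose its closing bracket.
            throw new IllegalArgumentException("identifier longer than 128 characters");
        }
        return "[" + name.replace("]", "]]") + "]";
    }

    /** Wraps a value in N' ' and doubles every ' inside it; null becomes the NULL keyword. */
    public static String literal(String value) {
        if (value == null) {
            return "NULL";
        }
        // The N prefix makes it a Unicode (nvarchar) literal so non-ASCII text survives.
        return "N'" + value.replace("'", "''") + "'";
    }

    public static void main(String[] args) {
        // Constructed table and column names; the first contains a closing bracket.
        String table = identifier("Customer]Archive");
        String column = identifier("Name");

        // Constructed values containing quotes, an empty string and a null.
        List<String> values = List.of("O'Brien", "it''s already doubled", "");
        for (String v : values) {
            System.out.println("SELECT * FROM " + table + " WHERE " + column + " = " + literal(v));
        }
        System.out.println("UPDATE " + table + " SET " + column + " = " + literal(null));
    }
}
```

Numeric and date values are better validated by parsing them into their Java types and formatting them back than by quoting them as strings.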
