Let's pretend I have a JCR 2 query string that is made like this:
String sql2Query = "SELECT * FROM [cq:PageContent] " +
    "WHERE [aProperty] <> \"" + aValue + "\"";
Are there helper methods using which I can escape aValue?
By the way, I already know that in SQL2 we can use placeholders for queries and let the framework take care of escaping of values for us, but if I were to create this query dynamically, how can I escape aValue to prevent SQL injection as well as construction of broken queries?
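An added example, not part of the original question: one way to write aValue as a JCR-SQL2 string literal, assuming the single-quoted literal form in which an embedded single quote is escaped by doubling it. The class and method names (Sql2Literal, quote, unquote) are hypothetical, and the sample values are constructed.

```java
import java.util.List;

/** Added example: quoting a value as a JCR-SQL2 string literal. */
public class Sql2Literal {

    /**
     * Returns value as a single-quoted JCR-SQL2 string literal.
     * Assumption: inside a single-quoted literal the only character that
     * needs escaping is the single quote, which is doubled.
     */
    static String quote(String value) {
        if (value == null) {
            throw new IllegalArgumentException("null cannot be written as a literal");
        }
        return "'" + value.replace("'", "''") + "'";
    }

    /** Reverses quote(); returns null if s is not exactly one complete literal. */
    static String unquote(String s) {
        if (s.length() < 2 || s.charAt(0) != '\'' || s.charAt(s.length() - 1) != '\'') {
            return null;
        }
        StringBuilder out = new StringBuilder();
        for (int i = 1; i < s.length() - 1; i++) {
            char c = s.charAt(i);
            if (c == '\'') {
                // A quote inside the literal must be followed by a second quote.
                if (i + 1 >= s.length() - 1 || s.charAt(i + 1) != '\'') {
                    return null; // literal ends early: the rest would be read as query text
                }
                i++;
            }
            out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, including ones that break naive concatenation.
        List<String> samples = List.of("plain", "O'Reilly", "say \"hi\"", "x' OR [aProperty] <> 'y", "");
        for (String aValue : samples) {
            String literal = quote(aValue);
            String sql2Query = "SELECT * FROM [cq:PageContent] WHERE [aProperty] <> " + literal;
            // The whole literal must parse back to the original value and nothing else.
            if (!aValue.equals(unquote(literal))) {
                throw new AssertionError("escaping failed for: " + aValue);
            }
            System.out.println(sql2Query);
        }
    }
}
```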