Annotation Interface SqlOddQuotes


Denotes a String that contains an odd number of unescaped single quotes -- i.e., there must be an odd number of ' characters in a SqlOddQuotes String that are not preceded immediately by another ' character. (Thus, all SqlOddQuotes Strings ultimately contain an odd number of single quotes, escaped or otherwise.) SqlOddQuotes Strings are not syntactically valid to pass to query execution methods.

Common use cases include: SQL query fragments to be concatenated with user input, such as "SELECT * FROM table WHERE field = '"; SQL query fragments containing user input but missing an ending single quote, such as "SELECT * FROM table WHERE field = 'value"; connecting punctuation, such as "', "; and any combination of the above with paired-off single quotes, such as "SELECT * FROM table WHERE field1 = 'value1', field2 = 'value2', field3 = '".
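
The parity rule above, modelled at run time as an added example (this is not Checker Framework code, and the class and method names are hypothetical). It pairs off each doubled quote, counts the quotes left over, and applies that to the fragments listed above plus one constructed user value.

```java
import java.util.List;

/** Runtime model of the quote-parity property; not part of the Checker Framework. */
public class QuoteParityDemo {

    /** Counts the single quotes left over after pairing off each doubled '' escape. */
    static int unescapedQuotes(String s) {
        int count = 0;
        for (int i = 0; i < s.length(); i++) {
            if (s.charAt(i) != '\'') {
                continue;
            }
            if (i + 1 < s.length() && s.charAt(i + 1) == '\'') {
                i++;      // '' is one escaped quote: consume both characters
            } else {
                count++;  // a lone quote opens or closes a string literal
            }
        }
        return count;
    }

    /** True when the fragment has the parity that SqlOddQuotes describes. */
    static boolean hasOddQuotes(String s) {
        return unescapedQuotes(s) % 2 == 1;
    }

    public static void main(String[] args) {
        // Fragments quoted from the documentation above.
        List<String> fragments = List.of(
            "SELECT * FROM table WHERE field = '",
            "SELECT * FROM table WHERE field = 'value",
            "', ",
            "SELECT * FROM table WHERE field1 = 'value1', field2 = 'value2', field3 = '");
        for (String f : fragments) {
            System.out.println(hasOddQuotes(f) + "  " + f);
        }

        // Constructed value: its quote is doubled, so it adds no unescaped quote
        // and the concatenation keeps the parity of the opening fragment.
        String open = fragments.get(0);
        String value = "O''Brien";
        System.out.println(hasOddQuotes(open + value) + "  " + open + value);
        // Appending the closing quote flips the parity of the whole query.
        System.out.println(hasOddQuotes(open + value + "'") + "  " + open + value + "'");
    }
}
```

Because every escape removes quotes two at a time, the parity of the unescaped count always equals the parity of the total count, which is the point of the parenthetical in the description.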

See the Checker Framework Manual:
SQL Quotes Checker