From 496c7eb436722a98285968c42c9267803f57aa2a Mon Sep 17 00:00:00 2001
From: travismccauley <travismccauley>
Date: Tue, 4 Nov 2003 16:22:11 +0000
Subject: [PATCH] Bugfix to add Hibernate Query Language escape string for
 single-quotes. Added a convenience method in LexUtilities, hqlEscape.

---
 .../org/thdl/lex/LexComponentRepository.java  | 15 +++++-----
 src/java/org/thdl/lex/LexUtilities.java       | 28 +++++++++++++++++++
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/src/java/org/thdl/lex/LexComponentRepository.java b/src/java/org/thdl/lex/LexComponentRepository.java
index bf85f56..88c8fa9 100644
--- a/src/java/org/thdl/lex/LexComponentRepository.java
+++ b/src/java/org/thdl/lex/LexComponentRepository.java
@@ -214,18 +214,17 @@ public class LexComponentRepository
 
 		Query query = null;
 		Iterator it = null;
-		String termForQuery = null;
-		if ( lexQuery.getFindMode().equals( LexComponentRepository.EXACT ) )
+
+		String termForQuery = LexUtilities.hqlEscape( term.getTerm() );
+		LexLogger.debug( "Escaped term string: " + termForQuery );
+
+		if ( lexQuery.getFindMode().equals( LexComponentRepository.STARTS_WITH ) )
 		{
-			termForQuery = term.getTerm();
-		}
-		else if ( lexQuery.getFindMode().equals( LexComponentRepository.STARTS_WITH ) )
-		{
-			termForQuery = term.getTerm() + "%";
+			termForQuery = termForQuery + "%";
 		}
 		else if ( lexQuery.getFindMode().equals( LexComponentRepository.ANYWHERE ) )
 		{
-			termForQuery = "%" + term.getTerm() + "%";
+			termForQuery = "%" + termForQuery + "%";
 		}
 		String queryString = " FROM org.thdl.lex.component.ITerm as term WHERE term.term like '" + termForQuery + "' AND term.deleted=0 ORDER BY term.term";
 		try
diff --git a/src/java/org/thdl/lex/LexUtilities.java b/src/java/org/thdl/lex/LexUtilities.java
index 3741569..3a299bd 100644
--- a/src/java/org/thdl/lex/LexUtilities.java
+++ b/src/java/org/thdl/lex/LexUtilities.java
@@ -69,6 +69,34 @@ public class LexUtilities
 	}
 
 
+	/**
+	 *  Description of the Method
+	 *
+	 * @param  fromString  Description of the Parameter
+	 * @return             Description of the Return Value
+	 */
+	public static String hqlEscape( String fromString )
+	{
+		HashMap map = new HashMap();
+		map.put( "'", "''" );
+		StringBuffer targetString = new StringBuffer( "" );
+		if ( null != fromString )
+		{
+			StringTokenizer tokens = new StringTokenizer( fromString, "'%_\"", true );
+			while ( tokens.hasMoreTokens() )
+			{
+				String temp = tokens.nextToken();
+				if ( map.containsKey( temp ) )
+				{
+					temp = (String) map.get( temp );
+				}
+				targetString.append( temp );
+			}
+		}
+		return targetString.toString();
+	}
+
+
 	/**
 	 *  Description of the Method
 	 *