feat: update safe sql characters

eisbilir · eisbilir · commit f752f2364820 · 2023-11-27T17:06:23.000+03:00
diff --git a/src/main/java/com/topcoder/dal/util/QueryHelper.java b/src/main/java/com/topcoder/dal/util/QueryHelper.java
@@ -200,7 +200,8 @@ public static String sanitizeSQLStatement(String sql) {
         StringBuilder safeSQL = new StringBuilder();
         for (char c : sql.toCharArray()) {
             if (Character.isLetterOrDigit(c) || c == ' ' || c == ',' || c == '(' || c == ')' || c == '=' || c == '<'
-                    || c == '>' || c == '_' || c == ':' || c == '.' || c == '-' || c == '+' || c == '*' || c == '\'') {
+                    || c == '>' || c == '_' || c == ':' || c == '.' || c == '-' || c == '+' || c == '*' || c == '\''
+                    || c == '!') {
                 safeSQL.append(c);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,8 @@ public static String sanitizeSQLStatement(String sql) {`
`200`	`200`	`StringBuilder safeSQL = new StringBuilder();`
`201`	`201`	`for (char c : sql.toCharArray()) {`
`202`	`202`	`if (Character.isLetterOrDigit(c) \|\| c == ' ' \|\| c == ',' \|\| c == '(' \|\| c == ')' \|\| c == '=' \|\| c == '<'`
`203`		`- \|\| c == '>' \|\| c == '_' \|\| c == ':' \|\| c == '.' \|\| c == '-' \|\| c == '+' \|\| c == '*' \|\| c == '\'') {`
	`203`	`+ \|\| c == '>' \|\| c == '_' \|\| c == ':' \|\| c == '.' \|\| c == '-' \|\| c == '+' \|\| c == '*' \|\| c == '\''`
	`204`	`+ \|\| c == '!') {`
`204`	`205`	`safeSQL.append(c);`
`205`	`206`	`}`
`206`	`207`	`}`