Android quotes within an sql query string
Posted by miannelle on Stack Overflow
Published on 2009-08-18T20:05:51Z
I want to perform a query like the following:
uvalue = EditText( some user value );
p_query = "select * from mytable where name_field = '" + uvalue + "'" ;
mDb.rawQuery( p_query, null );
If the user enters a single quote in their input, it crashes. If you change it to:
p_query = "select * from mytable where name_field = \"" + uvalue + "\"" ;
it crashes if the user enters a double quote in their input. And of course they could always enter both single and double quotes.
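
Added example, not part of the original post: building the statement by concatenation lets the user's text be parsed as SQL, which is why a stray quote breaks the query and why the same pattern is open to SQL injection. Binding the value to a `?` placeholder through the `selectionArgs` parameter of `rawQuery` keeps it as data whichever quotes it contains. The `_id` column, the table schema, the class name `NameLookup` and the sample names are assumptions made for this sketch.

```java
import android.content.ContentValues;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import java.util.ArrayList;
import java.util.List;

public final class NameLookup {  // hypothetical helper class, not from the post

    // Returns the _id of every row whose name_field equals uvalue exactly.
    // uvalue is bound to the "?" placeholder, so SQLite never parses it as SQL.
    public static List<Long> findIdsByName(SQLiteDatabase db, String uvalue) {
        List<Long> ids = new ArrayList<>();
        Cursor c = db.rawQuery(
                "select _id from mytable where name_field = ?",
                new String[] { uvalue });
        try {
            while (c.moveToNext()) {
                ids.add(c.getLong(0));
            }
        } finally {
            c.close();  // always release the cursor
        }
        return ids;
    }

    // Constructed demo on an in-memory database (assumed schema): every sample
    // name, whatever quotes it holds, is stored once and found exactly once.
    public static boolean demo() {
        SQLiteDatabase db = SQLiteDatabase.create(null);
        try {
            db.execSQL("create table mytable (_id integer primary key, name_field text)");
            String[] samples = { "O'Brien", "say \"hi\"", "both ' and \" together" };
            for (String s : samples) {
                ContentValues row = new ContentValues();  // insert() binds values too
                row.put("name_field", s);
                db.insert("mytable", null, row);
            }
            for (String s : samples) {
                if (findIdsByName(db, s).size() != 1) {
                    return false;
                }
            }
            // A value that was never stored matches nothing and raises no error.
            return findIdsByName(db, "'\"").isEmpty();
        } finally {
            db.close();
        }
    }
}
```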
© Stack Overflow or respective owner