Android quotes within an sql query string

Posted by miannelle on Stack Overflow
Published on 2009-08-18T20:05:51Z

I want to perform a query like the following:

String uvalue = editText.getText().toString();   // editText: an EditText in the layout (assumed); holds whatever the user typed
String p_query = "select * from mytable where name_field = '" + uvalue + "'";   // the user's text is spliced straight into the SQL
Cursor c = mDb.rawQuery( p_query, null );   // mDb: an open SQLiteDatabase

If the user enters a single quote in their input, it crashes. If you change it to:

String p_query = "select * from mytable where name_field = \"" + uvalue + "\"";   // same splice, with double quotes as the delimiter

it crashes if the user enters a double quote in their input. And of course they could always enter both single and double quotes.
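The crash is a symptom of the real problem: the user's text is being parsed as SQL. Any quote character ends the string literal early, so a name like O'Brien is a syntax error and a value like x' OR '1'='1 silently changes what the query matches. The fix is not to escape quotes by hand but to bind the value with a placeholder, which Android's rawQuery supports through its selectionArgs parameter. The class below is an added example, not code from the question; it assumes an open SQLiteDatabase holding a table mytable with a column name_field, and shows the question's pattern next to the bound-parameter form.

```java
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;

// Added example, not from the original post. Assumes an open SQLiteDatabase
// with a table "mytable" that has a text column "name_field".
public final class NameLookup {

    private NameLookup() {}

    // The pattern from the question: user text spliced into the statement.
    // uvalue = O'Brien      -> ... name_field = 'O'Brien'   (syntax error, crash)
    // uvalue = x' OR '1'='1 -> ... name_field = 'x' OR '1'='1'  (matches every row)
    public static Cursor lookupUnsafe(SQLiteDatabase db, String uvalue) {
        String sql = "select * from mytable where name_field = '" + uvalue + "'";
        return db.rawQuery(sql, null);
    }

    // Fix: bind the value. The '?' is a parameter slot in the compiled
    // statement, so single quotes, double quotes or both are just characters
    // of the value and can never alter the SQL. selectionArgs are bound as text.
    public static Cursor lookup(SQLiteDatabase db, String uvalue) {
        String sql = "select * from mytable where name_field = ?";
        return db.rawQuery(sql, new String[] { uvalue });
    }

    // Same thing through query(), which assembles the SELECT and binds
    // selectionArgs for you.
    public static Cursor lookupViaQuery(SQLiteDatabase db, String uvalue) {
        return db.query("mytable", null, "name_field = ?",
                new String[] { uvalue }, null, null, null);
    }

    // Fallback only for places where a parameter cannot be bound (for example
    // a literal that must appear in DDL): DatabaseUtils.sqlEscapeString doubles
    // embedded single quotes and returns the value already wrapped in quotes.
    public static String buildEscaped(String uvalue) {
        return "select * from mytable where name_field = "
                + DatabaseUtils.sqlEscapeString(uvalue);
    }
}
```

Placeholders can stand only where a value may appear (WHERE, INSERT values, UPDATE assignments); they cannot bind table or column names, ORDER BY expressions or a LIMIT clause, so anything of that kind that depends on user input has to be validated against a fixed allow-list before it is concatenated.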

© Stack Overflow or respective owner
