Android quotes within an sql query string

android sqlite

You should make use of the rawQuery method's selectionArgs parameter:

p_query = "select * from mytable where name_field = ?";
mDb.rawQuery(p_query, new String[] { uvalue });

This not only solves your quotes problem but also mitigates SQL Injection.


DatabaseUtils.sqlEscapeString worked properly for me. The string is enclosed by single quotes and the single quotes inside the string become double quotes. Tried using selectionArgs in the getContentResolver().query() but it didn't work at all.


You should change 

p_query = "select * from mytable where name_field = '" +  uvalue + "'" ;

like 

p_query = "select * from mytable where name_field = '" + android.database.DatabaseUtils.sqlEscapeString(uvalue)+ "'" ;

Have you tried replacing a single quote with 2 single quotes? That works for inputting data to a database.

Related

How can I change separator color in NavigationView?
How I can select rows from a dataframe that do not match?
Reading a register value into a C variable [duplicate]
Apache Spark - foreach Vs foreachPartition When to use What?
Obtain a reference to <script> parent element [duplicate]
MVC 3 - Html.EditorFor seems to cache old values after $.ajax call
Returning Large Objects in Functions
PHP absolute path to root
Bootstrap - 5 column layout
Is there ever a good reason to use Insertion Sort?
Determine if current application is activated (has focus)
Why doesn't Python have static variables?