Reputation: 31
I have an SQLite query I'm attempting to run; however, it is force closing due to an apostrophe in my title string. I've attempted to resolve this by using title.replace("'", "''") and title.replace("'", "\\") as well as title.replaceAll("'", "\"); however, it is still force closing due to the apostrophe, and when I debug, the apostrophe still exists in title. Can anyone point out what I may have done wrong here?
String title = info.get(MeetingInfo.MEETING_TITLE);
String selectionClause = Events.DTSTART + " = '" + startTime + "' AND "
+ Events.DTEND + " = '" + endTime + "' AND "
+ Events.TITLE + " = '" + title.replace("'", "\\") + "'";
Upvotes: 0
Views: 190
Reputation: 112362
You should use parametrized commands:
Cursor res =
db.rawQuery("SELECT * FROM Events WHERE DTSTART = ? AND DTEND = ? AND TITLE = ?;",
new String[]{ startTime, endTime, title });
This helps to avoid SQL injections and frees you from having to format the parameters the right way. I.e., you don't have to format dates as SQLite expects them, you don't have to care about apostrophes, you don't have to care about culture-specific number formatting, etc., and of course it is easier to write, read and maintain.
Upvotes: 3
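Added example, not part of either post: the question's string-built query and the answer's bound-parameter query run side by side against the same apostrophe title. It uses Python's built-in sqlite3 module in place of Android's SQLiteDatabase so it runs stand-alone; the Events table, its rows and the helper names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the calendar Events table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Events (dtstart INTEGER, dtend INTEGER, title TEXT)")
    db.executemany("INSERT INTO Events VALUES (?, ?, ?)", [
        (1000, 2000, "Bob's review"),
        (1000, 2000, "Standup"),
    ])
    return db

def find_concat(db, start, end, title, escape=None):
    # The question's approach: values are spliced into the SQL text.
    # `escape` is what each apostrophe is replaced with (None = untouched).
    if escape is not None:
        title = title.replace("'", escape)
    sql = ("SELECT title FROM Events WHERE dtstart = '%s' AND dtend = '%s' "
           "AND title = '%s'" % (start, end, title))
    return [row[0] for row in db.execute(sql)]

def find_bound(db, start, end, title):
    # The answer's approach: the SQL text is constant and the values are
    # bound, so the title is never parsed as SQL.
    sql = "SELECT title FROM Events WHERE dtstart = ? AND dtend = ? AND title = ?"
    return [row[0] for row in db.execute(sql, (start, end, title))]

def demo():
    db = make_db()
    out = {}
    # raw: the apostrophe ends the string literal early -> syntax error.
    # backslash: SQLite has no backslash escape, so the query looks for a
    #            title containing a backslash and silently finds nothing.
    # doubled: '' is SQLite's escape for a quote, so this variant matches.
    for name, esc in [("raw", None), ("backslash", "\\"), ("doubled", "''")]:
        try:
            out[name] = find_concat(db, 1000, 2000, "Bob's review", esc)
        except sqlite3.OperationalError as exc:
            out[name] = "error: %s" % exc
    out["bound"] = find_bound(db, 1000, 2000, "Bob's review")
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

With find_bound, any quote characters in title stay inside the bound value and never reach the SQL parser, which is the property that prevents injection.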