Saving webview geturl and getitle in Sqlite database. Problem with syntax error apostrophe '

Question

When im saving webview.getTitle (); in Sqlite database, if in title has apostrophe ('), then i got error -

android.database.sqlite.SQLiteException: near "at": syntax error (code 1): , while compiling: INSERT INTO Favorite VALUES('4 madhab bid'at tavassul', 'file:///android_asset/web/akaid/4maddhab/4.htm' );

My code like this

mysql objcon = new mysql(this, null, null, 1);
SQLiteDatabase db = objcon.getReadableDatabase();
db.execSQL(
    "INSERT INTO Favorite VALUES('"
     + txtnombre.getText()
     + "', '"
     + txtlink2.getText()
     +"' );"
);

How to solve this problem?

Answer 1

There is a single quote embedded within txtnombre.getText() : '4 madhab bid'at tavassul'. This causes SQLite to wrongly consider that this quote marks the end of the first value to insert.

To avoid that, you could consider manually doubling the single quotes :

db.execSQL(
    "INSERT INTO Favorite VALUES('"
    + txtnombre.getText().replaceAll("'","\''")
    + "', '"
    + txtlink2.getText().replaceAll("'","\''")
    +"' );"
);

I would recommend using bind parameters. With this option, your database driver handles escaping behind the hood :

q = "INSERT INTO Favorite VALUES(?, ?)";
t1 = txtnombre.getText();
t2 = txtlink2.getText();
db.rawQuery(q, new String[] { t1, t2 });

Finally, another approach in Android would be to use native method sqlEscapeString(), which is primarily built for this purpose.

Also, as commented by pskink, using insert() would better fit your use case than raw SQL.