java - SQLite apostrophe causes force close - .replace("'", "''") does not resolve the issue
I have a SQLite query I'm attempting to run which is force closing due to an apostrophe in the title string. I've attempted to resolve this using title.replace("'", "''") and title.replace("'", "\\") and title.replaceAll("'", "\"); it is still force closing due to the apostrophe - and when I debug - the apostrophe still exists in title - can anyone point out what I may have done wrong here?
Source snippet:
String title = info.get(meetinginfo.meeting_title);
String selectionclause = Events.DTSTART + " = '" + starttime + "' AND " + Events.DTEND + " = '" + endtime + "' AND " + Events.TITLE + " = '" + title.replace("'", "\\") + "'";
You should use parametrized commands:
Cursor res = db.rawQuery("SELECT * FROM events WHERE dtstart = ? AND dtend = ? AND title = ?;", new String[]{ starttime, endtime, title });
This avoids SQL injection and frees you from having to format parameters the right way. I.e., you don't have to format dates the way SQLite expects them, you don't have to care about apostrophes, you don't have to care about culture-specific number formatting, etc. And of course it is easier to write, read and maintain.
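
The same parameter binding applied to the selection-clause form used in the question, as an added example that is not part of the original question or answer. It assumes Events is android.provider.CalendarContract.Events, queried through a ContentResolver with the READ_CALENDAR permission granted; the class name EventLookup and the method findEventId are hypothetical.

```java
import android.content.ContentResolver;
import android.database.Cursor;
import android.provider.CalendarContract.Events;

public final class EventLookup {
    private EventLookup() {}

    // Selection template: column names and ? markers only, never user data.
    // Note there are no quotes around the markers; the driver binds the values.
    private static final String SELECTION =
            Events.DTSTART + " = ? AND "
            + Events.DTEND + " = ? AND "
            + Events.TITLE + " = ?";

    /**
     * Returns the _ID of the first event matching start, end and title,
     * or -1 if there is none. The title is passed through unmodified, so
     * a value such as "Bob's review" needs no escaping or replace() call.
     */
    public static long findEventId(ContentResolver resolver,
                                   long startMillis, long endMillis, String title) {
        if (title == null) {
            return -1; // SQL "=" never matches NULL, so there is nothing to look up
        }
        String[] selectionArgs = {
                String.valueOf(startMillis), // DTSTART is stored as UTC milliseconds
                String.valueOf(endMillis),
                title                        // bound verbatim, apostrophes included
        };
        // try-with-resources closes the cursor even if reading it throws
        try (Cursor c = resolver.query(Events.CONTENT_URI,
                new String[]{Events._ID}, SELECTION, selectionArgs, null)) {
            if (c != null && c.moveToFirst()) {
                return c.getLong(0);
            }
            return -1;
        }
    }
}
```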