Question
Android quotes within an sql query string
I want to perform a query like the following:
uvalue = EditText( some user value );
p_query = "select * from mytable where name_field = '" + uvalue + "'" ;
mDb.rawQuery( p_query, null );
if the user enters a single quote in their input it crashes. If you change it to:
p_query = "select * from mytable where name_field = \"" + uvalue + "\"" ;
it crashes if the user enters a double quote in their input. and of course they could always enter both single and double quotes.
45 41711
45