0

I have to save some data inside of SQLLite. This text data can contain a quote ('). Is there a way to escape this char on insert, and get it back when getting the data from the database?

In particular, the name is a references to a file. So the file can be named like "hel'lo.file". Before escaping it to the database, it should be "hel''lo.file". But when i get it back i need again "hel'lo.file" to be certain that the string inside the db matches the file name.

I'm using a content provider and a SQLiteOpenHelper.

Inside my content provider, for the insert i'm doing this:

_id = db.insert(TextEditorContract.NoteEntry.TABLE_NAME, null, values);

My insert inside my activity:

        ContentValues values = new ContentValues();
        ...
        values.put(NoteEntry.COLUMN_TITLE, getFileTitle());
        Uri recordUri = contentResolver.insert(NoteEntry.CONTENT_URI, values);
Federico Ponzi
  • 2,682
  • 4
  • 34
  • 60

1 Answers1

1

Use SQLiteOpenHelper - then you can use prepared statements. See this question: Android SQLite Example

EDIT

String file = "/storage/emulated/0/Note/hello 'world.txt"

String sql = "SELECT _id FROM Recents WHERE percorso=? ORDER BY _id ASC";
String[] data = {file};
Cursor cursor = database.rawQuery(sql, data);
Community
  • 1
  • 1
markt
  • 903
  • 7
  • 21
  • Hi, i'm using a content provider to comunicate with the database. Also, i'm already using a database open helper class. Thanks edit: edited my question with more details – Federico Ponzi Oct 18 '14 at 15:40
  • In that case you don't need to worry about escaping - it is handled for you. – markt Oct 18 '14 at 15:47
  • I get this error: `android.database.sqlite.SQLiteException: near "world": syntax error (code 1): , while compiling: SELECT _id FROM Recents WHERE percorso='/storage/emulated/0/Note/hello 'world.txt' ORDER BY _id ASC` so i think i have to xD – Federico Ponzi Oct 18 '14 at 15:49
  • Your code shows an insert statement, but the error shows a select statement? – markt Oct 18 '14 at 15:56
  • Yeah, in the select i didn't use the openhelper class, but manually wrote the query. Thanks a lot for help! – Federico Ponzi Oct 18 '14 at 16:00