1

The select query is not working in the below case.

string sssss = "InspectorADEL2018 -11-13";
con.Open();
String value1 = "select * from finalreport where rmid='"+sssss+"'; ";
SQLiteCommand cmd13 = new SQLiteCommand(value1, con);
dr13 = cmd13.ExecuteReader();
while (dr13.Read())
{
    Console.WriteLine("The command executed");
}
con.Close();

But when we tried the one below, the query works and we get the output.

con.Open();
String value1 = "select * from finalreport where rmid='InspectorADEL2018 -11-13'; ";
SQLiteCommand cmd13 = new SQLiteCommand(value1, con);
dr13 = cmd13.ExecuteReader();
while (dr13.Read())
{
    Console.WriteLine("The command executed");
}
con.Close();

How can I solve the problem when we assign the value to a string variable?

priyanka s
  • you need to escape the `-` chars – jazb Nov 16 '18 at 07:30
  • possible duplicate: https://stackoverflow.com/questions/12615113/how-to-escape-special-characters-like-in-sqlite-in-android – jazb Nov 16 '18 at 07:33
  • 1
    I think this kind of problem would be avoided by using query parameters instead of building the SQL via string concatenation. Please have a look at this question and answer: https://stackoverflow.com/questions/20017688/why-we-do-sqlitecommand-parameters-add-while-we-can-use-string-format-to-compos – johey Nov 16 '18 at 08:13
  • can't do because - is in date format. – priyanka s Nov 16 '18 at 11:26

2 Answers

0

DatabaseUtils.sqlEscapeString(String)

https://developer.android.com/reference/android/database/DatabaseUtils

jazb
0

This worked for me

string sssss = "InspectorADEL2018 -11-13";
sssss = sssss.Replace("\n", "");
priyanka s
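An added example (not code from the question or from either answer) of the parameter binding suggested in the comments, combined with the control-character stripping from the second answer. It assumes the System.Data.SQLite package, an in-memory database, and a constructed row and inputs; `RmidLookup`, `StripControlChars` and `CountReports` are hypothetical names.

```csharp
using System;
using System.Data.SQLite;   // assumption: same provider as the SQLiteCommand in the question
using System.Linq;

static class RmidLookup
{
    // Remove control characters (CR, LF, tab, ...) that are invisible when the key is printed.
    static string StripControlChars(string s) =>
        new string(s.Where(c => !char.IsControl(c)).ToArray());

    // Bind the key as a parameter so the value never becomes part of the SQL text.
    static int CountReports(SQLiteConnection con, string rmid)
    {
        using (var cmd = new SQLiteCommand(
            "SELECT COUNT(*) FROM finalreport WHERE rmid = @rmid;", con))
        {
            cmd.Parameters.AddWithValue("@rmid", rmid);
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }

    static void Main()
    {
        using (var con = new SQLiteConnection("Data Source=:memory:"))
        {
            con.Open();
            // Constructed sample table and row for the demonstration.
            using (var setup = new SQLiteCommand(
                "CREATE TABLE finalreport (rmid TEXT);" +
                "INSERT INTO finalreport VALUES ('InspectorADEL2018 -11-13');", con))
            {
                setup.ExecuteNonQuery();
            }

            // Constructed input: the key with a trailing newline, as if read from a file.
            string raw = "InspectorADEL2018 -11-13\n";
            // The newline is part of the bound value, so this lookup finds no row.
            Console.WriteLine(CountReports(con, raw));
            // After stripping control characters the value equals the stored key.
            Console.WriteLine(CountReports(con, StripControlChars(raw)));
            // Constructed key containing a quote: bound as data, the statement stays valid.
            Console.WriteLine(CountReports(con, "Inspector'ADEL2018 -11-13"));
        }
    }
}
```

Binding does not change the value being compared, so a stray newline still has to be removed before the lookup; what binding removes is the need to escape quotes or other characters in the key.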