问题
I have a function which is executing a query on a table in SQLite database. I declare a constant: public static final String CANADA_HISTORY = \"Canada\'s History\";. This is stored in a String variable let\'s say difficulty,
I have one query:
Cursor c = mDb.rawQuery(\"select * from Questions_answers where CHAPTERS = \'\"+difficulty+\"\'\" , null);
It is throwing an exception near the apostrophe.
Logcat output:
I/Database( 1170): sqlite returned: error code = 1, msg = near \"s\": syntax error
D/AndroidRuntime( 1170): Shutting down VM
W/dalvikvm( 1170): threadid=1: thread exiting with uncaught exception (group=0x40015560)
E/AndroidRuntime( 1170): FATAL EXCEPTION: main
E/AndroidRuntime( 1170): android.database.sqlite.SQLiteException: near \"s\": syntax error: , while compiling: select * from Questions_answers where CHAPTERS = \'Canada\'s History\'
I have also tried:
1. difficulty=difficulty.replaceAll(\"\'\",\"\'\'\");
2. difficulty=difficulty.replaceAll(\"\'\",\"\\\'\");
3. difficulty = DatabaseUtils.sqlEscapeString(difficulty);
To add to that, it\'s working me for the single words like Canada History, I mean without the special character word.
Please give me advice for the solve problem Thanks.
回答1:
First replace char with this
difficulty=difficulty.replaceAll("'","\\'");
then pass it in your query
"select * from Questions_answers where CHAPTERS='"+difficulty+"'";
Edit :
q = "select * from Questions_answers where CHAPTERS = ?";
database.rawQuery(q, new String[] { difficulty});
回答2:
The SQL standard specifies that single-quotes in strings are escaped by putting two single quotes in a row. SQL works like the Pascal programming language in the regard. SQLite follows this standard. Example:
INSERT INTO xyz VALUES('5 O''clock');
Ref : SQLite FAQ
回答3:
The best way is to use a native Android method designed for exactly this purpose:
DatabaseUtils.sqlEscapeString(String)
Here is the documentation for it online:
- sqlEscapeString() on Android Developers
The main advantage of using this method, in my opinion, is the self-documentation because of the clear method name.
回答4:
What worked for me was
if (columnvalue.contains("'")) {
columnvalue = columnvalue.replaceAll("'", "''");
}
回答5:
you can try Cursor c = mDb.rawQuery("select * from Questions_answers where CHAPTERS = \""+difficulty+"\"" , null);
回答6:
This will work the same:
if (columnValue.contains("'"))
columnValue = columnValue.replaceAll("'", "[']");
or
if (columnValue.contains("'"))
columnValue = columnValue.replaceAll("'", "\\\'");
but in actuality we use next symbols % and _
回答7:
What DatabaseUtils.sqlEscapeString(s) essentially does, is replace all single quotes (') with two single quotes ('') and append one single quote at the beginning and one at the end of the String.
So if you just want to escape the String this function should work:
private static String escape(String s) {
return s != null ? s.replaceAll("\'", "\'\'") : null;
}
回答8:
As per my understanding there are two approcaches,
String test= "Android's vaersion" test= test.replace("'","''");
This scenario is absolutely fine but i would definitely suggest to use following approach.
String test= "Android's vaersion" test= test.replaceAll("'","\'");
We faced the issue because of first approach when we were trying to update and select SQLite Table Value with '.
回答9:
don't you need to escape the \ as well? so it would be replaceAll("'", "\\'") Or am I wrong about that?
来源:https://stackoverflow.com/questions/12615113/how-to-escape-special-characters-like-in-sqlite-in-android