Android quotes within an sql query string

Question

I want to perform a query like the following:

uvalue = EditText( some user value );
p_query = \"select * from mytable where name_field = \'\" +  uvalue + \"\         


        

Answer 1

You should make use of the rawQuery method's selectionArgs parameter:

p_query = "select * from mytable where name_field = ?";
mDb.rawQuery(p_query, new String[] { uvalue });

This not only solves your quotes problem but also mitigates SQL Injection.