Escaping query parameters


martijn.list

Mar 11, 2011, 1:07:26 PM
to ormlit...@googlegroups.com
I have some trouble building a query for which the parameters contain
single quotes ('). It seems that where parameters are not escaped. The
single quotes interfere with the query, which results in a SQLException:

android.database.sqlite.SQLiteCompiledSql.native_compile(....)

I was under the assumption that the QueryBuilder would escape all input.
Any idea how I can escape the input to make it accept all parameters?

Kind regards,

Martijn Brinkers

PS. I use ORMLite on Android

Gray Watson

Mar 11, 2011, 1:49:23 PM
to ormlit...@googlegroups.com
On Mar 11, 2011, at 1:07 PM, martijn.list wrote:

> I have some trouble building a query for which the parameters contain
> single quotes ('). It seems that where parameters are not escaped. The
> single quotes interfere with the query, which results in a SQLException:

This was covered recently on the dev list:

http://groups.google.com/group/ormlite-dev/browse_thread/thread/71d07202404f97e7

The answer was that the right thing to do if your strings have quotes in them is to use the SelectArg mechanism:

http://ormlite.com/docs/select-arg

This sets the arguments on the SQL statement instead of compiling them in.
gray
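
The SelectArg approach from the reply above, shown as an added example that is not part of the original thread or ORMLite's own code. The `Account` entity, the in-memory H2 URL and the sample names are assumptions made for illustration; on Android the `Dao` would come from your `OrmLiteSqliteOpenHelper` instead of a `JdbcConnectionSource`.

```java
import com.j256.ormlite.dao.Dao;
import com.j256.ormlite.dao.DaoManager;
import com.j256.ormlite.field.DatabaseField;
import com.j256.ormlite.jdbc.JdbcConnectionSource;
import com.j256.ormlite.stmt.PreparedQuery;
import com.j256.ormlite.stmt.QueryBuilder;
import com.j256.ormlite.stmt.SelectArg;
import com.j256.ormlite.support.ConnectionSource;
import com.j256.ormlite.table.DatabaseTable;
import com.j256.ormlite.table.TableUtils;
import java.util.List;

public class SelectArgExample {

    // Hypothetical entity used only for this example.
    @DatabaseTable(tableName = "accounts")
    public static class Account {
        @DatabaseField(generatedId = true) int id;
        @DatabaseField String name;
        Account() {}                               // ORMLite requires a no-arg constructor
        Account(String name) { this.name = name; }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: ormlite-jdbc and H2 are on the classpath.
        ConnectionSource source = new JdbcConnectionSource("jdbc:h2:mem:selectarg");
        try {
            TableUtils.createTable(source, Account.class);
            Dao<Account, Integer> dao = DaoManager.createDao(source, Account.class);
            dao.create(new Account("O'Brien"));    // constructed sample rows
            dao.create(new Account("Smith"));

            // Build the statement once with a placeholder instead of a literal value.
            SelectArg nameArg = new SelectArg();
            QueryBuilder<Account, Integer> qb = dao.queryBuilder();
            qb.where().eq("name", nameArg);
            PreparedQuery<Account> query = qb.prepare();

            // Each value is set as a statement argument, so quotes never reach the SQL text.
            for (String candidate : new String[] {"O'Brien", "it's 5 o'clock", "Smith"}) {
                nameArg.setValue(candidate);
                List<Account> found = dao.query(query);
                System.out.println(candidate + " -> " + found.size() + " row(s)");
            }
        } finally {
            source.close();
        }
    }
}
```

The same prepared query is reused for every value; only the argument changes between calls.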
