如何在android中的sqlite中转义像'这样的特殊字符
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12615113/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to escape special characters like ' in sqlite in android
提问by Rahul Patel
I have a function which is executing a query on a table in SQLite database. I declare a constant: public static final String CANADA_HISTORY = "Canada's History";. This is stored in a Stringvariable let's say difficulty,
我有一个函数,它在 SQLite 数据库中的表上执行查询。我声明一个常量:public static final String CANADA_HISTORY = "Canada's History";. 这存储在一个String变量中,比方说difficulty,
I have one query:
我有一个查询:
Cursor c = mDb.rawQuery("select * from Questions_answers where CHAPTERS = '"+difficulty+"'" , null);
It is throwing an exception near the apostrophe.
它在撇号附近抛出异常。
Logcat output:
Logcat 输出:
I/Database( 1170): sqlite returned: error code = 1, msg = near "s": syntax error
D/AndroidRuntime( 1170): Shutting down VM
W/dalvikvm( 1170): threadid=1: thread exiting with uncaught exception (group=0x40015560)
E/AndroidRuntime( 1170): FATAL EXCEPTION: main
E/AndroidRuntime( 1170): android.database.sqlite.SQLiteException: near "s": syntax error: , while compiling: select * from Questions_answers where CHAPTERS = 'Canada's History'
I have also tried:
我也试过:
1. difficulty=difficulty.replaceAll("'","''");
2. difficulty=difficulty.replaceAll("'","\'");
3. difficulty = DatabaseUtils.sqlEscapeString(difficulty);
To add to that, it's working me for the single words like Canada History, I mean without the special character word.
除此之外,它对像 这样的单个词有效Canada History,我的意思是没有特殊字符词。
Please give me advice for the solve problem Thanks.
请给我解决问题的建议谢谢。
采纳答案by Chirag
First replace char with this
首先用这个替换字符
difficulty=difficulty.replaceAll("'","\'");
then pass it in your query
然后在您的查询中传递它
"select * from Questions_answers where CHAPTERS='"+difficulty+"'";
Edit :
编辑 :
q = "select * from Questions_answers where CHAPTERS = ?";
database.rawQuery(q, new String[] { difficulty});
回答by Pankaj Kumar
The SQL standard specifies that single-quotes in strings are escaped by putting two single quotes in a row. SQL works like the Pascal programming language in the regard. SQLite follows this standard. Example:
SQL 标准指定通过将两个单引号放在一行中来对字符串中的单引号进行转义。在这方面,SQL 的工作方式类似于 Pascal 编程语言。SQLite 遵循此标准。例子:
INSERT INTO xyz VALUES('5 O''clock');
Ref : SQLite FAQ
参考:SQLite 常见问题
回答by Richard Le Mesurier
The best way is to use a native Android method designed for exactly this purpose:
最好的方法是使用专为此目的而设计的原生 Android 方法:
DatabaseUtils.sqlEscapeString(String)
Here is the documentation for it online:
这是它的在线文档:
The main advantage of using this method, in my opinion, is the self-documentation because of the clear method name.
在我看来,使用这种方法的主要优点是由于方法名称清晰,因此具有自文档性。
回答by Dhiraj Himani
What worked for me was
对我有用的是
if (columnvalue.contains("'")) {
columnvalue = columnvalue.replaceAll("'", "''");
}
回答by jaredzhang
you can try Cursor c = mDb.rawQuery("select * from Questions_answers where CHAPTERS = \""+difficulty+"\"" , null);
你可以试试 Cursor c = mDb.rawQuery("select * from Questions_answers where CHAPTERS = \""+difficulty+"\"" , null);
回答by Michael Popovich
This will work the same:
这将起作用:
if (columnValue.contains("'"))
columnValue = columnValue.replaceAll("'", "[']");
or
或者
if (columnValue.contains("'"))
columnValue = columnValue.replaceAll("'", "\\'");
but in actuality we use next symbols % and _
但实际上我们使用下一个符号 % 和 _
回答by Onno Eberhard
What DatabaseUtils.sqlEscapeString(s)essentially does, is replace all single quotes (') with two single quotes ('') and append one single quote at the beginning and one at the end of the String.
So if you just want to escape the String this function should work:
什么DatabaseUtils.sqlEscapeString(s)本质上是做,是全部替换单引号(')有两个单引号(''),并在起点附加一个单引号和一个字符串的结束。
所以如果你只是想转义字符串这个函数应该工作:
private static String escape(String s) {
return s != null ? s.replaceAll("\'", "\'\'") : null;
}
回答by Meghana Patil
As per my understanding there are two approcaches,
根据我的理解,有两种方法,
String test= "Android's vaersion" test= test.replace("'","''");
String test="Android 版本" test= test.replace("'","''");
This scenario is absolutely fine but i would definitely suggest to use following approach.
这种情况绝对没问题,但我绝对建议使用以下方法。
String test= "Android's vaersion" test= test.replaceAll("'","\'");
String test="Android 版本" test= test.replaceAll("'","\'");
We faced the issue because of first approach when we were trying to update and select SQLite Table Value with '.
当我们尝试更新和选择带有 '.
回答by Yevgeny Simkin
don't you need to escape the \ as well? so it would be replaceAll("'", "\\'")Or am I wrong about that?
你不需要逃避 \ 吗?所以它会是replaceAll("'", "\\'")或者我错了吗?
