SQLite: Escaping Special Characters

Question

Is there a common way within Android to escape all of the characters that aren\'t allowed in a SQLite database? For instance, \"You\\\'Me\'\". Instead of me figuring out every

Answer 1

In SQL, strings are delimited with 'single quotes'. To use one inside a string, you have to double it.

There are no other characters that need to be escaped in SQL. (If you're embedding strings in another language, such as Java, you also have to use the escape mechanisms of that language.)

To avoid string formatting problems, you should use parameters instead:

String name = "me";
db.rawQuery("SELECT ... WHERE name = ?", new String[]{ name });