Android Question Sqlite saveing

TomDuncan · Jul 30, 2015

Hi All,
I have a program which does this

B4X:

SQL.ExecNonQuery("UPDATE daytimes SET patient = '" & DataToSave & "', modified = 1 " & Where)

Where DataToSave is a String.
All is fine till today when testing I put in
Tom's birthday.
What has happened is the ' for Tom has corrupted the data being saved.
How can I fix this error.

I did think of Encoding Base 64 but then all previous data would not work.

Tom

oops Saving, sorry about that

sorex · Jul 30, 2015

you need to escape your DataToSave string.

B4X:

SQL.ExecNonQuery("UPDATE daytimes SET patient = '" & DataToSave.replace("'","\'") & "', modified = 1 " & Where)

TomDuncan · Jul 30, 2015

Thanks for that, will do.

Mahares · Jul 30, 2015

If you do not want to worry about escaping, you are better off using a parameterised query:

B4X:

SQL.ExecNonQuery2("UPDATE daytimes SET patient = ?, modified = ? " & Where), _
        Array As Object(DataToSave, 1))

Erel · Jul 30, 2015

No. No. No.

You need to use parameterized queries:

B4X:

SQL.ExecNonQuery2("UPDATE daytimes SET patient = ?, modified = 1 " & Where, Array (DataToSave))

Edit: Posted together with the post above which is a good solution.

Android Question Sqlite saveing

TomDuncan

Active Member

sorex

Expert

TomDuncan

Active Member

Mahares

Expert

Erel

B4X founder

Similar Threads