Android Question SQLite saving

Discussion in 'Android Questions' started by TomDuncan, Jul 30, 2015.

  1. TomDuncan

    TomDuncan Active Member Licensed User

    Hi All,
    I have a program which does this:
    Code:
    SQL.ExecNonQuery("UPDATE daytimes SET patient = '" & DataToSave & "', modified = 1 " & Where)
    where DataToSave is a String.
    All was fine until today when, while testing, I put in
    Tom's birthday.
    What has happened is that the ' in Tom's has corrupted the data being saved.
    How can I fix this error?

    I did think of Base64 encoding, but then all previous data would not work.

    Tom

    Oops, "Saving", sorry about that.
     
  2. sorex

    sorex Expert Licensed User

    You need to escape your DataToSave string.

    Code:
    SQL.ExecNonQuery("UPDATE daytimes SET patient = '" & DataToSave.replace("'","\'") & "', modified = 1 " & Where)
     
  3. TomDuncan

    TomDuncan Active Member Licensed User

    Thanks for that, will do.
     
  4. Mahares

    Mahares Well-Known Member Licensed User

    If you do not want to worry about escaping, you are better off using a parameterised query:
    Code:
    SQL.ExecNonQuery2("UPDATE daytimes SET patient = ?, modified = ? " & Where, _
        Array As Object(DataToSave, 1))
     
    DonManfred, mangojack and Erel like this.
  5. Erel

    Erel Administrator Staff Member Licensed User

    No. No. No.

    You need to use parameterized queries:
    Code:
    SQL.ExecNonQuery2("UPDATE daytimes SET patient = ?, modified = 1 " & Where, Array (DataToSave))
    Edit: Posted together with the post above, which is a good solution.
     
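The three approaches in this thread, side by side, as an added example that is not code from the thread or from B4A. It is written in Python with the standard-library sqlite3 module, whose `?` placeholders are the same SQLite parameter binding that `ExecNonQuery2` uses, so the behaviour carries over. The table layout (`daytimes(id, patient, modified)`), the `WHERE id = ...` clause standing in for the thread's `Where` variable, and the hostile payload are all assumptions constructed for the demonstration. Note that both replies still concatenate the `Where` fragment; if anything in it comes from user input it needs binding too, which the example does by binding the row id as a second parameter.

```python
import sqlite3

# Constructed payload: if spliced into the SQL text it closes the string
# literal, rewrites the rest of the statement and comments out the real WHERE.
INJECTION = "x', modified = 0 WHERE 1=1 --"


def make_db():
    """In-memory stand-in for the app's database (schema assumed, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE daytimes (id INTEGER PRIMARY KEY, patient TEXT, modified INTEGER)"
    )
    conn.executemany(
        "INSERT INTO daytimes (id, patient, modified) VALUES (?, ?, 0)",
        [(1, "free"), (2, "free")],
    )
    conn.commit()
    return conn


def update_concat(conn, data_to_save, row_id):
    """The original pattern: the value is spliced into the SQL text."""
    sql = (
        "UPDATE daytimes SET patient = '" + data_to_save
        + "', modified = 1 WHERE id = " + str(row_id)
    )
    conn.execute(sql)
    conn.commit()


def update_backslash_escaped(conn, data_to_save, row_id):
    r"""The Replace("'", "\'") suggestion. SQLite has no backslash escape inside
    string literals, so 'Tom\'s birthday' still ends the literal at the first quote."""
    update_concat(conn, data_to_save.replace("'", "\\'"), row_id)


def update_param(conn, data_to_save, row_id):
    """Parameterised form, equivalent to ExecNonQuery2 with an Array of values.
    The driver hands the text to SQLite as data; it is never parsed as SQL."""
    conn.execute(
        "UPDATE daytimes SET patient = ?, modified = 1 WHERE id = ?",
        (data_to_save, row_id),
    )
    conn.commit()


def read_row(conn, row_id):
    return conn.execute(
        "SELECT patient, modified FROM daytimes WHERE id = ?", (row_id,)
    ).fetchone()


def run_demo():
    """Run each variant against fresh data and return what happened."""
    out = {}
    conn = make_db()
    for name, fn in (("concat", update_concat), ("backslash", update_backslash_escaped)):
        try:
            fn(conn, "Tom's birthday", 1)
            out[name] = "saved"
        except sqlite3.OperationalError:
            out[name] = "syntax error"  # the apostrophe broke the statement

    # Concatenation with a hostile value: asked to touch row 1 only, it stamps
    # every row and clears the modified flag the app meant to set.
    update_concat(conn, INJECTION, 1)
    out["concat_injection"] = (read_row(conn, 1), read_row(conn, 2))

    conn = make_db()
    update_param(conn, "Tom's birthday", 1)
    update_param(conn, INJECTION, 2)  # stored verbatim as text, harmless
    out["param"] = (read_row(conn, 1), read_row(conn, 2))
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

SQLite's actual escape for a quote inside a string literal is to double it (`''`), not to prefix a backslash, so the `\'` replacement fails in the same way the unescaped value does. Even correct doubling only protects string literals: a number or a clause fragment concatenated into the statement is still injectable. Binding every value with `?` covers all of them, and it stores "Tom's birthday" exactly as typed.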