So i have a data base and in the app while the user searches for something with the ' character, like "wendy's house", i send a query with the WHERE as "wendy's house" and here is where it crushes.
I would like to know please what should i do with the string in order that ill be able to send it in the query and the result the user gets will stay unharmed.
Thanks in advance.
Here you have an answer how to escape the apostrophe in your SQL:
INSERT INTO Person
(First, Last)
VALUES
('Joe', 'O''Brien')
/\
right here
Or
SELECT First, Last FROM Person WHERE Last = 'O''Brien'
https://stackoverflow.com/a/1912100/2065587
Related
I have a Sqlite3 database in android, with data are sentences like: "good afternoon" or "have a nice day", now I want to have a search box, to search between them, I use something like this :
Cursor cursor = sqliteDB.rawQuery("SELECT id FROM category WHERE sentences LIKE '"+ s.toString().toLowerCase()+ "%' LIMIT 10", null);
But it only show "good afternoon" as result if user start searching with first "g" or "go" or "goo" or etc, how can I retrieve "good afternoon" as results, if user search like "a" or "af" or "afternoon".
I mean I want to show "good afternoon" result, if user search from middle of a data in sqlite3 db, not only if user searches from beginning.
thanks!
Just put the percent sign in front of your query string: LIKE '%afternoon%'. However, your approach has two flaws:
It is susceptible to SQL injection attacks because you just insert unfiltered user input into your SQL query string. Use the query parameter syntax instead by re-writing your query as follows:
SELECT id FROM category WHERE sentences LIKE ? LIMIT 10. Add the user input string as selection argument to your query method call
It will be dead slow the bigger your database grows because LIKE queries are not optimized for quick string matching and lookups.
In order to solve number 2 you should use SQLite's FTS3 extension which greatly speeds up any text-related searches. Instead of LIKE you would be using the MATCH operator that uses a different query syntax:
SELECT id FROM category WHERE sentences MATCH 'afternoon' LIMIT 10
As you can see the MATCH operator does not need percent signs. It just tries to find any occurrence of a word in the whole text that is being searched (in your case the sentences column). Read through the documentation of FTS3 I've linked to. The MATCH query syntax provides some more pretty handy and powerful options for finding text in your database table which are pretty similar to early search engine query syntax such as:
MATCH 'afternoon OR evening'
The only (minor) downside to the FTS3 extension is that it blows up the database file size by creating additional search index tables and meta-data. But I think it's well worth it for this use case.
I am trying to get all SMSes from and to a single address.
So while using a Cursor to scan the DB, I tried to use select. But, no values were returned. I suspect that this was caused because the numbers in the "address" colum in the DB were containing space and/or hyphens (-).
My question is that can I make a query to ignore spaces and hyphens in the string?
P.S.: the address I have has been trimmed down to not include spaces and hyphens, and that is unchangeable as per my requirements.
I came across the same situation and tried below method.(not yet sure,was it a proper solution or not! :) )
So,
Query all conversations from conversation table
take a loop and go through all results.For each:
take the address field and remove unwanted character to make it like the number format you have
compare with number you want conversation for : if found => break
you will have the thread-id for the number you are searching sms of,at the end of loop.
Now,
now collect message id of all messages under that thread seperated by type:"sent" and "inbox"
Then you can use those array of id to gather messages from "sent" and "inbox" table of ContentProvider.
I know,the process is bit longer but gave me satisfactory result. :) Hope it helps.
what i am trying to use is that i want to select cities from my LocationByCity table in sqlite database each time As user inters search word in a search box,
for example if user enters F i want all the CityNames Starting From F ,so how can i do that?
Thanx in advance.
I'd have to check up, but I believe you want to use the LIKE keyword.
Syntax somthing along the lines of:
Select Fieldname From Tablename where fieldname LIKE ('%$myvar%');
where the % signs are wildcard characters.
Not sure if sqlite has fulltext indexing so you should be aware that can get very slow depending on how many rows you have in the table.
So I've been dragging with this one for some time now and simply can't find the solutions
Let's say I have a table called NAME with values like
John Doe
Jane Doe
etc.
I just want to pull the first word.... so everything after the first space ' ' will not show
I'm pulling the data into a Cursor as it's over 2000 records
Any thoughts on a raw query that will do such a thing?
Thanks in advance
Yeshai
You just get the string from db as a string and use something like
String[] strs = dbString.split(" ");
str[0] should be what you need.
I need to search a particular name from ma contacts... for that i gave the selection criteria like this
ContactsContract.Contacts.DISPLAY_NAME + " LIKE '"+constraint+"%'"
But for apostrophe(')... means ...when i gave apostrophe as constraint an (SQL error )exception is thrown.. for all other special characters , the search is working..
How can we handle constraint apostrophe(')... in search criteria.. boz we can have contact names having apostrophe in it (Eg: Jennifer'lo'pe_z)
How do I use a string literal that contains an embedded single-quote (') character?
The SQL standard specifies that single-quotes in strings are escaped by putting two single quotes in a row. SQL works like the Pascal programming language in the regard. SQLite follows this standard.
Example:
INSERT INTO xyz VALUES('5 O''clock');
SO, simply for your solution, use '' at the place of '. like
if(constraint.contains("'"))
constraint = constraint.replace("'", "''");
And then execute your query. This must help you.
Happy coding :)