I want to run a query like this:
uvalue = EditText( some user value );
p_query = "select * from mytable where name_field = '" + uvalue + "'" ;
mDb.rawQuery( p_query, null );
If the user enters a single quote in the input, it crashes. If you change it to:
p_query = "select * from mytable where name_field = \"" + uvalue + "\"" ;
If the user enters a double quote in the input, it crashes. And of course, they can always enter both single and double quotes.
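
An added example, not part of the original post: the question's concatenated query beside a bound-parameter query, run against an in-memory SQLite database with Python's `sqlite3` module so it executes offline. The table contents and helper names are constructed for illustration; on Android the same binding is done by writing `?` in the SQL and passing the value in the `selectionArgs` array of `rawQuery` instead of `null`.

```python
import sqlite3

# Constructed sample value containing both kinds of quote.
MIXED = """Bob "the 'quote'" Smith"""


def make_db():
    # In-memory database with constructed rows; table and column names follow the question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (name_field TEXT)")
    db.executemany(
        "INSERT INTO mytable VALUES (?)",
        [("alice",), ("O'Brien",), (MIXED,)],
    )
    return db


def query_concat(db, uvalue):
    # Pattern from the question: user input is spliced into the SQL text,
    # so a quote in uvalue ends the string literal and the rest is parsed as SQL.
    p_query = "select * from mytable where name_field = '" + uvalue + "'"
    return db.execute(p_query).fetchall()


def query_bound(db, uvalue):
    # The SQL text is constant; the value is bound to the ? placeholder
    # and is never parsed as SQL, whatever characters it contains.
    return db.execute(
        "select * from mytable where name_field = ?", (uvalue,)
    ).fetchall()


def concat_fails(db, uvalue):
    # True when the concatenated query is rejected by the SQL parser.
    try:
        query_concat(db, uvalue)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "O'Brien", MIXED):
        print(repr(value), "concat fails:", concat_fails(db, value),
              "bound rows:", query_bound(db, value))
```

The bound form needs no escaping step, so it behaves the same for single quotes, double quotes, or both.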