Contacts
Bug - Missing SQL escaping when using WHERE statement
Issue kind: BUG Version: 1.1.3
When using a WHERE clause, you should escape your query with
DatabaseUtils.sqlEscapeString(query)
or
query.replaceAll("'", "\'\'")
Otherwise, using the LIKE operator with the query 'lior will raise:
Caused by: java.lang.IllegalArgumentException: Unterminated quote in '( display_name LIKE '%'lior%' AND mimetype IN ('vnd.android.cursor.item/phone_v2', 'vnd.android.cursor.item/email_v2') )'
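
The failure reported above, next to the quote-doubling workaround and a bound-parameter form, as an added example that is not part of the original issue or the library's code. It is plain Java with hypothetical names (WhereClauseDemo and its methods); the `?` placeholder form matches the selection/selectionArgs pair that Android's ContentResolver.query accepts.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: plain Java, no Android classes, so it runs on any JVM.
// WhereClauseDemo and its methods are hypothetical names, not the library's API.
public class WhereClauseDemo {

    // Vulnerable form: user input is concatenated into the SQL string literal.
    static String concatenated(String query) {
        return "( display_name LIKE '%" + query + "%' )";
    }

    // Workaround from the issue: double every single quote before concatenating.
    static String quoteDoubled(String query) {
        return "( display_name LIKE '%" + query.replace("'", "''") + "%' )";
    }

    // Preferred form: a ? placeholder in the selection, the value bound via selectionArgs.
    static String parameterized(String query, List<String> selectionArgs) {
        selectionArgs.add("%" + query + "%");
        return "( display_name LIKE ? )";
    }

    // True when every string literal is closed, treating '' as an escaped quote.
    static boolean quotesBalanced(String sql) {
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            if (sql.charAt(i) != '\'') continue;
            if (inLiteral && i + 1 < sql.length() && sql.charAt(i + 1) == '\'') {
                i++; // '' inside a literal is one escaped quote, not a terminator
            } else {
                inLiteral = !inLiteral;
            }
        }
        return !inLiteral;
    }

    public static void main(String[] args) {
        String input = "'lior"; // the value from the issue report
        List<String> selectionArgs = new ArrayList<>();
        String bad = concatenated(input);
        String escaped = quoteDoubled(input);
        String bound = parameterized(input, selectionArgs);
        System.out.println(bad + " balanced=" + quotesBalanced(bad));
        System.out.println(escaped + " balanced=" + quotesBalanced(escaped));
        System.out.println(bound + " args=" + selectionArgs + " balanced=" + quotesBalanced(bound));
    }
}
```

DatabaseUtils.sqlEscapeString returns the value already wrapped in single quotes, so the % wildcards have to be added to the value before escaping rather than around the result. With the bound-parameter form the input never becomes part of the SQL text, so no quote handling is needed at all.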