package android.database;
public class DatabaseUtils {
/**
* Appends an SQL string to the given StringBuilder, including the opening
* and closing single quotes. Any single quotes internal to sqlString will
* be escaped.
*
* This method is deprecated because we want to encourage everyone
* to use the "?" binding form. However, when implementing a
* ContentProvider, one may want to add WHERE clauses that were
* not provided by the caller. Since "?" is a positional form,
* using it in this case could break the caller because the
* indexes would be shifted to accomodate the ContentProvider's
* internal bindings. In that case, it may be necessary to
* construct a WHERE clause manually. This method is useful for
* those cases.
*
* @param sb the StringBuilder that the SQL string will be appended to
* @param sqlString the raw string to be appended, which may contain single
* quotes
*/
public static void appendEscapedSQLString(StringBuilder sb, String sqlString) {
sb.append('\'');
if (sqlString.indexOf('\'') != -1) {
int length = sqlString.length();
for (int i = 0; i < length; i++) {
char c = sqlString.charAt(i);
if (c == '\'') {
sb.append('\'');
}
sb.append(c);
}
} else
sb.append(sqlString);
sb.append('\'');
}
}