Home/ Questions/Q 6094591
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T12:41:51+00:00

Is there a native way of escaping strings for Ormlite for Android? For example,

  • 0

Is there a native way of escaping strings for Ormlite for Android?

For example, if I want to supply a string: ormlite’s escape func, it needs to be supplied as ormlite\’s escape func.

TestDao.queryForFirst(TestDao.queryBuilder().where().like("stats", stats)
    .prepare())

I tried using UpdateBuilder’s escapeValue method, but it only makes the following change:
‘ormlite’s escape func’. It adds single quotes to beginning and end of the statement. Is there a native support for escaping strings to be sql injection safe?

If not, what are the ways to do it?

Thank you!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I tried using UpdateBuilder’s escapeValue method, but it only makes the following change: ‘ormlite’s escape func’. It adds single quotes to beginning and end of the statement. Is there a native support for escaping strings to be sql injection safe?

    This is a FAQ. The proper way to do this is to use a SelectArg argument so the SQL can use a ? type of construct. Here’s another question talking about this.

    SelectArg selectArg = new SelectArg(stats);
TestDao.queryForFirst(
    TestDao.queryBuilder().where().like("stats", selectArg).prepare());

    Here’s the documentation on the select-arg functionality.

    Edit:

    As @Moritz points out, if you are actually updating the database, you can also use the SelectArg with the UpdateBuilder:

    SelectArg arg = new SelectArg("Some value");
updateBuilder.updateColumnValue(MY_COLUMN, arg);
    • 0