0

I am trying to execute INSERT sqlite statements into my database using a method as follows:

public void insertBluetoothPath(String path, String build) {

    String[] ColumnName = new String[1];
    ColumnName[0] = "path";

    SQLiteDatabase myDB = null;
    myDB = this.openOrCreateDatabase(DB_PATH, MODE_PRIVATE, null);

    myDB.execSQL("INSERT INTO phones VALUES(" + build + ", " + path + ");");
    myDB.close();

}

and I'm calling the method using insertBluetoothPath(finalPath, phoneBuild);

with variables String phoneBuild = Build.MODEL; and String finalPath = "/mnt/sdcard"

However I'm getting a syntax error exception 

sqlite returned: error code = 1, msg = near "/": syntax error

Failure 1 (near "/": syntax error) on 0x2b3ca8 when preparing 'INSERT INTO phones VALUES(sdk, /mnt/sdcard);'.

How can I insert slashes into the database? Thanks in advance.

Zerhinne
  • 1,829
  • 2
  • 20
  • 42
  • Try to use prepared statements - http://stackoverflow.com/questions/433392/how-do-i-use-prepared-statements-in-sqlite-in-android – Eugene Nov 14 '11 at 09:32
  • You should use escape characters for that.Check this post. http://stackoverflow.com/questions/4132996/escape-special-characters-in-sqlite – Serdar Dogruyol Nov 14 '11 at 09:41

2 Answers2

4

Ok, Carefully go over Eugene's Comment.

The problem is not the slashes...The Problem is your insert statement. An INSERT statement should look like this "INSERT INTO phones VALUES('sdk','/mnt/sdcard')" Notice the Lack of single quotes in your statment?

This is what you want

myDB.execSQL("INSERT INTO phones VALUES('" + build + "', '" + path + "');");

But if you ask me, don't use this method, use Prepared Statements, since the above method will be prone to SQL injection, if you are not careful.

st0le
  • 32,587
  • 8
  • 83
  • 88
0

Just wrap the path in single quotes like this.

myDB.execSQL("INSERT INTO phones VALUES(" + build + ", " + "'" + path + "'" + ");");

I think that should help.

PacQ
  • 234
  • 1
  • 5
  • 14