Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
e r i c.ax249e r i c.ax249 

String.escapeSingleQuotes method bug?

I've run into an interesting issue.  I am building a dynamic SOQL statement, so I want to clean the user input with the String.escapeSingleQuotes method.  It is having some undesired effects on the string that I'm trying to concatenate it to. 

 

Here is what's going on:

 

criteria = ' Employee_First_Name__c like \'' + String.escapeSingleQuotes(txtFirstName.trim()) + '%\'';

 
 is evaluating to the string:
 Employee_First_Name__c like \'er%\'
 
and:
criteria = ' Employee_First_Name__c like \'' + txtFirstName.trim() + '%\'';
is evaluating to the string:
 Employee_First_Name__c like 'er%'
 
 
Why is it that when I use the String.escapeSingleQuotes method with the "er" string (or any string), it causes the other string that I'm concatenating to not escape single quotes correctly (using the \' doesn't evaluate to ' properly)?
Message Edited by e r i c on 06-03-2009 01:19 PM
Message Edited by e r i c on  06-03-2009 01:20 PM