In theory you could escape '
as ''
in SQL.
However, it's better to use variable binding. Replace the string literals in SQL with ?
and supply corresponding number of String
s in an array:
Cursor pid = mDB.rawQuery("select Id FROM MusicPlayer WHERE Path = ?;",
new String[] { sname });