502
votes

I am storing a SQL query in my strings.xml file and I want to use String.Format to build the final string in code. The SELECT statement uses a like, something like this:

SELECT Field1, Field2 FROM mytable WHERE Field1 LIKE '%something%'

In order to format that I replace 'something' with %1$s so it becomes:

SELECT Field1, Field2 FROM mytable WHERE Field1 LIKE \'%%1$s%\'

I escape the single quotes with the backslash. However, I am not able to escape the % sign.

How can I include a like statement in my strings.xml file?

3
Don't forget to escape the %s properly. – Seva Alekseyev

They'd be injecting into their own database, no concern here ;) – Matthew

Well, even if it is your own database, it is possible to accidentally write queries that do bad things. Or just write queries that do not compile. Preparing queries is a good habit to get into. – Rauni Lillemets

Although it's slower than String.format() you might consider using MessageFormat() instead. – ccpizza

3 Answers

1056
votes

To escape %, you will need to double it up: %%.
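As an added example (not code from the question or any answer), the following Java class shows the doubled-percent template the accepted answer describes, fed through String.format, next to the parameterized form the comments recommend. The resource name and table are taken from the question; in the actual strings.xml the apostrophes would additionally be written as \' as the question already does, which is why the template here is kept as a Java string literal.

```java
import java.util.Arrays;

// Added example: %% escaping in a java.util.Formatter template of the kind
// stored in strings.xml, beside a parameterized query that never formats
// user input into SQL text at all.
public class LikeQueryFormat {

    // Template as it would sit in strings.xml (assumed resource name
    // "query_like"). The two wildcard percent signs of the LIKE pattern are
    // doubled so Formatter emits a literal '%'; %1$s is the only argument slot.
    static final String TEMPLATE =
        "SELECT Field1, Field2 FROM mytable WHERE Field1 LIKE '%%%1$s%%'";

    // What the question asked for: build the final SQL with String.format.
    // Only reasonable for values the application itself controls, because
    // quotes in the value end up inside the SQL text.
    static String buildWithFormat(String needle) {
        return String.format(TEMPLATE, needle);
    }

    // Alternative from the comments: keep the SQL fixed and bind the pattern.
    // This is the (sql, selectionArgs) shape SQLiteDatabase.rawQuery accepts.
    static final String PARAMETERIZED =
        "SELECT Field1, Field2 FROM mytable WHERE Field1 LIKE ?";

    static String[] buildArgs(String needle) {
        return new String[] { "%" + needle + "%" };
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(buildWithFormat("something"));

        // A value containing an apostrophe breaks the formatted query: the
        // quote terminates the string literal early and the SQL no longer parses.
        String withQuote = "O'Brien";
        System.out.println(buildWithFormat(withQuote));

        // The bound form leaves the SQL text unchanged; the value, quote and
        // all, travels as an argument. Note that '%' or '_' inside the value
        // still act as LIKE wildcards unless the query adds an ESCAPE clause.
        System.out.println(PARAMETERIZED + "  args=" + Arrays.toString(buildArgs(withQuote)));
    }
}
```

Run it with `java LikeQueryFormat.java`; the first line printed is the query from the question with `something` filled in, and the second shows why a formatted LIKE is fragile as soon as the value is not fully trusted.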

17
votes

To complement the previous stated solution, use:

str = str.replace("%", "%%");

3
votes

This is a stronger regex replace that won't replace %% that are already doubled in the input.

str = str.replaceAll("(?<!%)%(?!%)", "%%");
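To see the difference between the two escaping approaches, here is an added example (not code from either answer) that runs a plain replace and a lookaround-based replaceAll over a few constructed inputs. The lookarounds match the surrounding characters without consuming them, so only the percent sign itself is rewritten and nothing next to it is lost.

```java
// Added example comparing the two escaping strategies from the answers.
public class PercentEscape {

    // Doubles every '%', including ones that are already doubled.
    static String escapeAll(String s) {
        return s.replace("%", "%%");
    }

    // Doubles only a '%' with no '%' directly before or after it, so an
    // already-escaped "%%" is left alone instead of becoming "%%%%".
    static String escapeUnescaped(String s) {
        return s.replaceAll("(?<!%)%(?!%)", "%%");
    }

    public static void main(String[] args) {
        // Constructed samples: plain value, pre-escaped value, a format
        // placeholder, interior percent signs, and a run of three.
        String[] samples = { "100%", "100%%", "%1$s", "a%b%c", "%%%" };
        for (String s : samples) {
            System.out.printf("%-8s replace: %-10s lookaround: %s%n",
                              s, escapeAll(s), escapeUnescaped(s));
        }
    }
}
```

One caveat the `%1$s` sample makes visible: both helpers escape every lone percent sign, including an intended format placeholder, so apply them to the data being inserted, never to the template that holds the placeholders.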