Let's pretend I have a JCR 2 query string that is made like this:
String sql2Query = "SELECT * FROM [cq:PageContent] " +
    "WHERE [aProperty] <> \"" + aValue + "\"";
Yes, you can use placeholders. Even dynamically created queries can use placeholders.
As for SQL-2, you need to use single quotes, not double quotes. Example:
SELECT * FROM [cq:PageContent] WHERE [aProperty] <> 'Joe''s Taxi'
You only need to escape single quotes, using a single quote escape character:
String aValue = "Joe's Taxi";
String sql2Query = "SELECT * FROM [cq:PageContent] " +
    "WHERE [aProperty] <> '" + aValue.replaceAll("'", "''") + "'";
If you want to use XPath, you can use single quotes or double quotes, but usually single quotes are used as well (the same as in SQL-2). XPath queries don't support placeholders currently.
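The placeholder approach mentioned in the answer above, as an added example that is not part of the original answer: a JCR-SQL2 query using a bind variable through the standard `javax.jcr.query.Query.bindValue` call, next to the quote-doubling fallback for building a literal. The class name `PageContentQueries`, the method names and the variable name `value` are hypothetical, and an open `Session` is assumed to be supplied by the caller.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;
import javax.jcr.query.QueryResult;

// Hypothetical helper class; names are illustrative, not from the original post.
public final class PageContentQueries {

    // The statement text is constant; $value is a JCR-SQL2 bind variable.
    private static final String STATEMENT =
        "SELECT * FROM [cq:PageContent] WHERE [aProperty] <> $value";

    private PageContentQueries() {}

    // Preferred form: the caller-supplied string is bound as a Value and is
    // never parsed as query text, so quotes in it cannot change the query.
    public static QueryResult findWhereNot(Session session, String aValue)
            throws RepositoryException {
        QueryManager qm = session.getWorkspace().getQueryManager();
        Query query = qm.createQuery(STATEMENT, Query.JCR_SQL2);
        Value bound = session.getValueFactory().createValue(aValue);
        query.bindValue("value", bound); // variable name without the leading '$'
        return query.execute();
    }

    // Fallback when a literal must be embedded in the statement: wrap the
    // value in single quotes and double every single quote inside it.
    public static String sql2Literal(String aValue) {
        return "'" + aValue.replace("'", "''") + "'";
    }

    // Same query built with the escaped literal instead of a bind variable.
    public static QueryResult findWhereNotLiteral(Session session, String aValue)
            throws RepositoryException {
        String statement = "SELECT * FROM [cq:PageContent] "
            + "WHERE [aProperty] <> " + sql2Literal(aValue);
        QueryManager qm = session.getWorkspace().getQueryManager();
        return qm.createQuery(statement, Query.JCR_SQL2).execute();
    }
}
```

With `aValue` set to `Joe's Taxi`, `sql2Literal` yields `'Joe''s Taxi'`, matching the literal shown in the answer.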