0

当我写

                     Cursor c = customersDB.rawQuery("SELECT Name, Street, Block, City  FROM "    +
                            TABLE_NAME +
                            " where Name == 'VOLKSWAGEN '", null);

它的工作goog。

但:

String x="ll";



                     Cursor c = customersDB.rawQuery("SELECT Name, Street, Block, City  FROM "    +
                            TABLE_NAME +
                            " where Name == "+x, null);

犯错误。

4

2 回答 2

0

您需要将变量用单引号括起来并以分号结尾。我的建议是使用 string.format 所以你的查询字符串看起来像

String.format("SELECT Name, Street, Block, City FROM %1$s WHERE Name == '%2$s';", TABLE_NAME, x)

另一种方法是"SELECT Name, Street, Block, City FROM " + TABLE_NAME + "where Name == '" + x + "';", null);

于 2012-10-07T00:41:29.163 回答
0

如果可能,您应该始终使用参数:

String x="ll";
Cursor c = customersDB.rawQuery(
              "SELECT Name, Street, Block, City FROM " + TABLE_NAME +
              " WHERE Name == ?",
              new String[]{ x });

这避免了格式化问题和SQL 注入攻击。

于 2012-10-07T09:51:55.040 回答