0

我的主要活动将一个字符串传递给另一个活动(我们称之为子活动)。在这个子活动中,我需要在游标原始查询中使用该字符串来从数据库中选择与该字符串匹配的数据。

public class RestaurantsInfo extends ListActivity {

static final String restaurantListTable = "RestaurantList";
static final String colRestaurantID = "RestaurantID";
static final String colRestaurantName = "RestaurantName";
static final String colRestaurantStore = "StoreNo";
static final String colRestaurantAddress = "StoreAddress";
public String strRestaurantName;
RestaurantDB db = null;

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_listview);
    db=new RestaurantDB(RestaurantsInfo.this);

    Intent intent = getIntent();
    Bundle extras = intent.getExtras();

    String strRestaurantName = extras.getString("RestaurantName");
    setTitle(strRestaurantName);
    getData();
  }

private Cursor doQuery(String strRestaurantName) {
    return(db.getReadableDatabase().rawQuery("SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
            " FROM "+restaurantListTable+" WHERE "+colRestaurantName+" = strRestaurantName ORDER BY "+colRestaurantStore+"", null));
    }


public void getData() {
    SimpleCursorAdapter adapter;

    if (Build.VERSION.SDK_INT>=Build.VERSION_CODES.HONEYCOMB) {
        adapter=new SimpleCursorAdapter(this, R.layout.activity_address,
                doQuery(strRestaurantName), new String[] {
            RestaurantDB.colRestaurantName,
            RestaurantDB.colRestaurantStore,
            RestaurantDB.colRestaurantAddress },
            new int[] { R.id.textView1, R.id.textView2, R.id.textView3 },
            0);
        }
    else {
        adapter=new SimpleCursorAdapter(this, R.layout.activity_address,
                doQuery(strRestaurantName), new String[] {
            RestaurantDB.colRestaurantName,
            RestaurantDB.colRestaurantStore,
            RestaurantDB.colRestaurantAddress },
            new int[] { R.id.textView1, R.id.textView2, R.id.textView3 });
        }

    setListAdapter(adapter);

    }
}

从代码中可以看出,我尝试传递字符串strRestaurantName并在查询中使用它WHERE,但它不起作用!日志文件说“没有这样的列strRestaurantName”,但我并不是说它是一个列。我试过doQuery()代替doQuery(strRestaurantName),但它也给出了同样的错误。我该怎么办?

4

3 回答 3

1

您必须将 SQL 字符串用引号括起来:

"WHERE "+colRestaurantName+" = '" + strRestaurantName + "'"

(我有一次倒退了,对不起)。

虽然你真的应该使用参数化来防止 SQL 注入攻击。如:

return(db.getReadableDatabase().rawQuery(
    "SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
    " FROM "+restaurantListTable+
    " WHERE "+colRestaurantStore+" = ?" + 
    " ORDER BY "+colRestaurantStore, 
    new String[] {strRestaurantName}));

当意图和捆绑包放在 onCreate() 中时,我的私有 doQuery() 似乎无法检索 strRestaurantName 的值。

您不小心创建了两个名为strRestaurantName... 的变量,其中包含字段变量和局部变量onCreate()。更改此行:

String strRestaurantName = extras.getString("RestaurantName");

对此:

strRestaurantName = extras.getString("RestaurantName");

现在您将只有一个strRestaurantName,它将在doQuery().

于 2012-12-16T06:59:43.467 回答
0

您没有附加变量,而只是附加字符串 不要在变量名 strRestaurantName 周围加上引号

+" WHERE "+colRestaurantName+" = " +strRestaurantName+ "ORDER BY "+colRestaurantStore+""
于 2012-12-16T07:01:55.707 回答
0

这在您的方法中不是有效的 SQL 查询您可以试试这个:

private Cursor doQuery(String strRestaurantName) {
    return(db.getReadableDatabase().rawQuery("SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
            " FROM "+restaurantListTable+" WHERE "+colRestaurantName+" = "+ strRestaurantName +" ORDER BY "+colRestaurantStore+"", null));
    }
于 2012-12-16T07:09:25.430 回答