Android SQLite select * from table where name like%key%using prepared statements

前端之家收集整理的这篇文章主要介绍了Android SQLite select * from table where name like%key%using prepared statements前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
参见英文答案 > cant use like clause in android app6
我想使用预备的语句来防止在sql sql数据库上的sql注入.但是,当查询包含Like并且与Where name =?一起工作时,rawquery会崩溃?
有没有办法在Android sqlite数据库中使用类似和准备好的语句?

这是查询

sqlQuery = "SELECT * FROM " + TABLE_CALLS + " where " + CALLER_NAME + " like ? COLLATE NOCASE or " + CALLER_NBR + " like ? or " + CALLER_EXT + " like ?" + " or " + IS_OUTGOING + " like ?  COLLATE NOCASE or " + TYPE + " like ? COLLATE NOCASE";

Cursor cursor = database.rawQuery(sqlQuery,new String[]{"%" + criterion + "%","%" + criterion + "%","%" + criterion + "%"});

它会使绑定或列索引超出范围
谢谢.

解决方法

if (name.length() != 0) {

        name = "%" + name + "%";
    }
    if (email.length() != 0) {
        email = "%" + email + "%";
    }
    if (Phone.length() != 0) {
        Phone = "%" + Phone + "%";
    }
    String selectQuery = " select * from tbl_Customer where Customer_Name like  '"
            + name
            + "' or Customer_Email like '"
            + email
            + "' or Customer_Phone like '"
            + Phone
            + "' ORDER BY Customer_Id DESC";

    Cursor cursor = mDb.rawQuery(selectQuery,null);`

猜你在找的Android相关文章