我想从表中删除与数组中的ID匹配的所有行.我可以通过以下两种方法之一来做到这两点(两者都有效).能否请您建议哪一个更好?
@H_301_12@
忘了第二种方法!
方法1:
public void deleteRec(String[] ids) { //ids is an array
sqliteDatabase db = this.getWritableDatabase();
db.delete(TABLE_NAME,KEY_ID+" IN (" + new String(new char[ids.length-1]).replace("\0","?,") + "?)",ids);
db.close();
}
方法2:
public void deleteRec(String[] ids) { //ids is an array
String allid = TextUtils.join(",",ids);
sqliteDatabase db = this.getWritableDatabase();
db.execsql(String.format("DELETE FROM "+TABLE_NAME+" WHERE "+KEY_ID+" IN (%s);",allid));
db.close();
}
你的id都是来自数字的字符串(否则sql会失败),但对于通用字符串数据,将数据传递给sql语句绝不是一个好主意.使您的应用程序容易受到sql注入:
String.format("DELETE FROM t WHERE ID='%s',"1' AND 1=1 --")
// = "DELETE FROM t WHERE ID='1' AND 1=1 --'" => would delete all data!
并且可能会使您的sql语句失败:
String.format("DELETE FROM t WHERE v='%s',"It's me!")
// = "DELETE FROM t WHERE v='It's me!'" => syntactically incorrect (quote not escaped)!
编辑:由于ID作为字符串数组提供,KEY_ID可能是INT列,方法1应适用于:
db.delete(TABLE_NAME,"CAST("+KEY_ID+" AS TEXT) IN (" + new String(new char[ids.length-1]).replace("\0",ids);
