英文:
syntax error (Sqlite code 1 SQLITE_ERROR)
问题
我想查询我的表中所有Name_s等于特定值的数据。
在这个类的以下代码行出现错误:
```java
Cursor data = db.rawQuery(query, null);
我的类:
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_mushroom);
dbhp = new DatabaseHelper(this);
NS = getIntent().getStringExtra("name_s");
txtName = (TextView)findViewById(R.id.textName);
txtType = (TextView)findViewById(R.id.textType);
txtName_s = (TextView)findViewById(R.id.textName_s);
txtFeature = (TextView)findViewById(R.id.textFeature);
txtProperties = (TextView)findViewById(R.id.textProperties);
imageV = (ImageView) findViewById(R.id.imageV);
SQLiteDatabase db = dbhp.getWritableDatabase();
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " WHERE " + dbhp.KEY_NAME_S + " = '" + NS + "'";
Cursor data = db.rawQuery(query, null);
if (data.moveToFirst()) {
m_name = data.getString(data.getColumnIndex(DatabaseHelper.KEY_NAME));
m_name_s = data.getString(data.getColumnIndex(DatabaseHelper.KEY_NAME_S));
m_type = data.getString(data.getColumnIndex(DatabaseHelper.KEY_TYPE));
m_feature = data.getString(data.getColumnIndex(DatabaseHelper.KEY_FEATURE));
m_properties = data.getString(data.getColumnIndex(DatabaseHelper.KEY_PROPERTIES));
m_image = data.getBlob(data.getColumnIndex(DatabaseHelper.KEY_IMAGE));
Bitmap bitmap = BitmapFactory.decodeByteArray(m_image, 0, m_image.length);
txtName.setText(m_name);
txtType.setText(m_type);
txtName_s.setText(m_name_s);
txtFeature.setText(m_feature);
txtProperties.setText(m_properties);
imageV.setImageBitmap(bitmap);
}
data.close();
db.close();
}
<details>
<summary>英文:</summary>
i want to query all data from my table where Name_s = value intent
It fails on this line in the class:
```Cursor data = db.rawQuery(query, null);```
My class :
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_mushroom);
dbhp = new DatabaseHelper(this);
NS = getIntent().getStringExtra("name_s");
txtName = (TextView)findViewById(R.id.textName);
txtType = (TextView)findViewById(R.id.textType);
txtName_s = (TextView)findViewById(R.id.textName_s);
txtFeature = (TextView)findViewById(R.id.textFeature);
txtProperties = (TextView)findViewById(R.id.textProperties);
imageV = (ImageView) findViewById(R.id.imageV);
SQLiteDatabase db = dbhp.getWritableDatabase();
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " where " + dbhp.KEY_NAME_S + " = " + NS ;
Cursor data = db.rawQuery(query, null);
m_name = data.getString(data.getColumnIndex(DatabaseHelper.KEY_NAME));
m_name_s = data.getString(data.getColumnIndex(DatabaseHelper.KEY_NAME_S));
m_type = data.getString(data.getColumnIndex(DatabaseHelper.KEY_TYPE));
m_feature = data.getString(data.getColumnIndex(DatabaseHelper.KEY_FEATURE));
m_properties = data.getString(data.getColumnIndex(DatabaseHelper.KEY_PROPERTIES));
m_image = data.getBlob(data.getColumnIndex(DatabaseHelper.KEY_IMAGE));
Bitmap bitmap = BitmapFactory.decodeByteArray(m_image, 0, m_image.length);
txtName.setText(m_name);
txtType.setText(m_type);
txtName_s.setText(m_name_s);
txtFeature.setText(m_feature);
txtProperties.setText(m_properties);
imageV.setImageBitmap(bitmap);
</details>
# 答案1
**得分**: 1
在 SQL 中,当查询字符串值时,需要用引号将字符串括起来。因此在您的情况下,代码应该是:
```java
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " where " + dbhp.KEY_NAME_S + " = '" + NS + "'";
但为了让自己的生活更轻松,并且预防将来可能出现的与查询相关的问题,您可能想要了解一下Room 持久性库。一个不错的起始文章是这篇文章。
英文:
In SQL when querying a string value you need to surround the string with quotes. So in your case the code should be:
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " where " + dbhp.KEY_NAME_S + " = '" + NS + "'";
But to make life easier for yourself and prevent such query related problems in the future you might want to look into Room Persistence. A good article to start with is this article.
答案2
得分: 0
你应该在字符串NS周围使用单引号,但即使这样做可以消除错误,也不是推荐的、安全的构建查询的方式。
在sql语句中,对于每个参数使用?占位符,并将参数作为字符串数组传递给rawQuery()的第二个参数:
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " where " + dbhp.KEY_NAME_S + " = ?";
Cursor data = db.rawQuery(query, new String[] {NS});
这样,参数由rawQuery()处理,您无需连接单引号,代码安全且不会有SQL注入的风险。
英文:
You should use single quotes around the string NS, but even if this would remove the error, it would not be the recommended and also safe way to construct your query.<br/>
Use ? placeholders for each of the parameters that you pass in the sql statement and pass the parameters as a string array in the 2nd argument of rawQuery():
String query = "SELECT * FROM " + dbhp.TABLE_NAME + " where " + dbhp.KEY_NAME_S + " = ?";
Cursor data = db.rawQuery(query, new String[] {NS});
This way the parameters are taken care by rawQuery(), you don't have to concatenate single quotes and your code is safe and without the risk of sql-injection.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论