Solution to the problem of like binding parameters of SQL query statements in Android (SQLite database)

2020-04-05 • Android

Considering the security of the database, it is not easily injected into SQL. When executing query statements, the direct splicing statements are generally not used, but the method of parameter transfer is used. Then, when using the method of parameter passing, it is found that when using the like method to query data, it is easy to have a problem.

Error case:

According to the error prompt, you can see that in the SQL statement? The number is not recognized, so new string [] {myname} cannot replace the number in SQL? No.? The reason why the number was not recognized is estimated to be? There are single quotation marks outside the number, but in SQL, the value and% number of the like statement need to be enclosed in quotation marks.

In order to solve the problem in SQL? The number is unrecognized and must be removed? If there are quotation marks outside the sign, then the% sign also needs to be removed. So, you have to replace it later? Add the% sign to the parameter of.

Therefore, the correct case is as follows:

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Android

二维码

Detailed introduction to LinearLayout of Android layout control

< <上一篇

Simple implementation of Android recyclerview loading different layouts

下一篇>>

搜索内容

Solution to the problem of like binding parameters of SQL query statements in Android (SQLite database)

热门文章