Android 带选择参数的SQLite查询
我有以下SQLite查询:Android 带选择参数的SQLite查询,android,sqlite,android-sqlite,Android,Sqlite,Android Sqlite,我有以下SQLite查询: ArrayList<Long> idList = new ArrayList<>(); // adding Long values to idList SQLiteDatabase db = getReadableDatabase(); final String whereClause = COLUMN_DEVICE_ID + " IN (?)"; final String[] whereArgs = new String[]{TextU
ArrayList<Long> idList = new ArrayList<>();
// adding Long values to idList
SQLiteDatabase db = getReadableDatabase();
final String whereClause = COLUMN_DEVICE_ID + " IN (?)";
final String[] whereArgs = new String[]{TextUtils.join(", ", idList)};
Cursor cursor = db.query(TABLE_DEVICES, null, whereClause, whereArgs,
null, null, null);
为什么?
没有被wherergs
替换
提前感谢。解决了以下问题:
SELECT * FROM table_devices WHERE device_id IN (?)
final String args = TextUtils.join(", ", ids);
final String whereClause = String.format(COLUMN_DEVICE_ID + " IN (%s)", args);
Cursor cursor = db.query(TABLE_DEVICES, null, whereClause,
null, null, null, null);
虽然我不确定这与
?
+wherergs
方法(关于SQL注入)相比有多安全。执行TextUtils.join(“,”,idList)时会得到什么?这里有类似的问题和答案