Android SQLite中的语法错误（Insert语句）_Android_Sqlite

Android SQLite中的语法错误（Insert语句）

android sqlite

Android SQLite中的语法错误（Insert语句）,android,sqlite,Android,Sqlite,我正在使用Android的SQLite存储选项来存储一些书籍的参考资料。该表已创建，但在执行Insert语句时出错以下是查询字符串： writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME + " VALUES( " + book.getTitle().toString() + "," + book

我正在使用Android的SQLite存储选项来存储一些书籍的参考资料。该表已创建，但在执行Insert语句时出错

以下是查询字符串：

writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME +
                                " VALUES( " + book.getTitle().toString() +
                                "," + book.getAuthor().toString() + ","
                                + book.getPathOfCover().toString() + " );");

下面是日志：

near "Devices": syntax error
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: FATAL EXCEPTION: Thread-2698
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: Process: dreamnyc.myapplication, PID: 23973
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: android.database.sqlite.SQLiteException: near "Devices": syntax error (code 1): , while compiling: INSERT INTO book VALUES( Electronic Devices & Circuits,Jacob Millman & Christos C. Halkias,/storage/emulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicDevicesCircuits/OEBPS/images/leaf-image0000.jpg );
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:891)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:502)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:31)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1674)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1605)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at dreamnyc.myapplication.MainActivity$2.run(MainActivity.java:189)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:     at java.lang.Thread.run(Thread.java:818)

“设备”附近的

：语法错误
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:致命异常：Thread-2698
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:Process:dreamnyc.myapplication，PID:23973
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:android.database.sqlite.SQLiteException:near“Devices”：编译时语法错误（代码1）：，插入书本值（电子设备与电路，Jacob Millman&Christos C.Halkias，/storage/simulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicsDevicesCircuits/OEBPS/images/leaf-image0000.jpg）；
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.nativepreparest陈述（本机方法）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.acquiredpreparedstatement（SQLiteConnection.java:891）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.prepare（SQLiteConnection.java:502）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteSession.prepare（SQLiteSession.java:588）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteProgram.（SQLiteProgram.java:58）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteStatement.（SQLiteStatement.java:31）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteDatabase.executeSql（SQLiteDatabase.java:1674）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteDatabase.execSQL（SQLiteDatabase.java:1605）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at dreamnyc.myapplication.MainActivity$2.run（MainActivity.java:189）
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at java.lang.Thread.run（Thread.java:818）

问题在于，如果值的类型为varchar，则需要在其周围加引号：

writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME +
                                " VALUES( '" + book.getTitle().toString() +"'," 
                                +"'"+ book.getAuthor().toString() + "',"
                                +"'"+ book.getPathOfCover().toString() + "');");

真正的问题是，您应该使用参数化查询来避免这些类型的错误，但也要防止sql注入

例如：

ContentValues values = new ContentValues();
values.put(KEY_TITLE, book.getTitle().toString());
values.put(KEY_AUTHOR, book.getAuthor().toString());
values.put(KEY_PATH_COVER, book.getPathOfCover().toString());
writeableDatabase.insert(TABLE_NAME, null, values);

键

是字符串形式的列名

以避免SQL注入，请使用参数绑定。无论如何，您的查询在字符串文本周围没有

“

。

插入到书本值中（Electronic Devices&Circuits，Jacob Millman&Christos C.Halkias，/storage/Simulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicsDevicesCircuits/OEBPS/images/leaf-image0000.jpg

我该怎么做？参数绑定是什么意思？绑定参数是标记（？），替换为字符串数组值。请不要使用字符串串联键入原始sql字符串。请像这样使用

insert

方法。