Android SQLite中的语法错误(Insert语句)
我正在使用Android的SQLite存储选项来存储一些书籍的参考资料。该表已创建,但在执行Insert语句时出错 以下是查询字符串:Android SQLite中的语法错误(Insert语句),android,sqlite,Android,Sqlite,我正在使用Android的SQLite存储选项来存储一些书籍的参考资料。该表已创建,但在执行Insert语句时出错 以下是查询字符串: writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME + " VALUES( " + book.getTitle().toString() + "," + book
writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME +
" VALUES( " + book.getTitle().toString() +
"," + book.getAuthor().toString() + ","
+ book.getPathOfCover().toString() + " );");
下面是日志:
near "Devices": syntax error
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: FATAL EXCEPTION: Thread-2698
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: Process: dreamnyc.myapplication, PID: 23973
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: android.database.sqlite.SQLiteException: near "Devices": syntax error (code 1): , while compiling: INSERT INTO book VALUES( Electronic Devices & Circuits,Jacob Millman & Christos C. Halkias,/storage/emulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicDevicesCircuits/OEBPS/images/leaf-image0000.jpg );
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:891)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:502)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:31)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1674)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1605)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at dreamnyc.myapplication.MainActivity$2.run(MainActivity.java:189)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at java.lang.Thread.run(Thread.java:818)
“设备”附近的:语法错误
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:致命异常:Thread-2698
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:Process:dreamnyc.myapplication,PID:23973
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:android.database.sqlite.SQLiteException:near“Devices”:编译时语法错误(代码1):,插入书本值(电子设备与电路,Jacob Millman&Christos C.Halkias,/storage/simulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicsDevicesCircuits/OEBPS/images/leaf-image0000.jpg);
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.nativepreparest陈述(本机方法)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.acquiredpreparedstatement(SQLiteConnection.java:891)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:502)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteProgram.(SQLiteProgram.java:58)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteStatement.(SQLiteStatement.java:31)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1674)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at-android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1605)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at dreamnyc.myapplication.MainActivity$2.run(MainActivity.java:189)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime:at java.lang.Thread.run(Thread.java:818)
问题在于,如果值的类型为varchar,则需要在其周围加引号:
writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME +
" VALUES( '" + book.getTitle().toString() +"',"
+"'"+ book.getAuthor().toString() + "',"
+"'"+ book.getPathOfCover().toString() + "');");
真正的问题是,您应该使用参数化查询来避免这些类型的错误,但也要防止sql注入
例如:
ContentValues values = new ContentValues();
values.put(KEY_TITLE, book.getTitle().toString());
values.put(KEY_AUTHOR, book.getAuthor().toString());
values.put(KEY_PATH_COVER, book.getPathOfCover().toString());
writeableDatabase.insert(TABLE_NAME, null, values);
键
是字符串形式的列名以避免SQL注入,请使用参数绑定。无论如何,您的查询在字符串文本周围没有“
。插入到书本值中(Electronic Devices&Circuits,Jacob Millman&Christos C.Halkias,/storage/Simulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicsDevicesCircuits/OEBPS/images/leaf-image0000.jpg
我该怎么做?参数绑定是什么意思?绑定参数是标记(?),替换为字符串数组值。请不要使用字符串串联键入原始sql字符串。请像这样使用insert
方法。