Android 复杂的sqlite查询
我正在尝试执行一个具有各种条件的查询,但遇到了一个异常Android 复杂的sqlite查询,android,android-sqlite,android-contentresolver,Android,Android Sqlite,Android Contentresolver,我正在尝试执行一个具有各种条件的查询,但遇到了一个异常 bind or column index out of range 下面是来自ContentProvider的查询 @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) { SQLiteQueryBuilder queryBuilder = new
bind or column index out of range
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
int uriType = sURIMatcher.match(uri);
switch (uriType) {
case RESPONSEVIEW2_SELECTION_10:
queryBuilder.setTables(RESPONSES_VIEW);
String activeUserKey = getActiveUserId();;
String outerSelection =
"(((" + PeerCreatedDataColumns.SHARED + "=" + "" + trueId + "" + ") OR "
+ "(" + PeerCreatedDataColumns.AUTHORHASH + "=" + "'" + activeUserKey + "'" + ")) AND ("
+ "(" + ResponsesColumns.PRIMARYMATCH + "= '*'" + ") OR "
// '*' is defined by the program, hopefully not in conflict with anything built-in
+ "(" + ResponsesColumns.PRIMARYMATCH + " like '?') OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like '" + selectionArgs[0] + "%') OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like '%" + selectionArgs[0] + "') OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like '%" + selectionArgs[0] + "%'" + ")))";
Log.d(DEBUG_TAG, "query " + outerSelection);
Cursor cursor10 = queryBuilder.query(mDB.getReadableDatabase(), projection, outerSelection, selectionArgs,
null, null, sortOrder);
cursor10.setNotificationUri(getContext().getContentResolver(), uri);
Log.e(DEBUG_TAG, "responses_view2 should have better search function");
return cursor10;
case ROW_SELECTION_11:
queryBuilder.setTables(RESPONSES_VIEW);
Log.e(DEBUG_TAG, "responses_view2 should have better search function");
queryBuilder.appendWhere(PeerDatabase._ID + "=" + uri.getLastPathSegment());
Cursor cursor11 = queryBuilder.query(mDB.getReadableDatabase(), projection, selection, selectionArgs, null,
null, sortOrder);
cursor11.setNotificationUri(getContext().getContentResolver(), uri);
return cursor11;
...
}
}
public Loader<Cursor> onCreateLoader(int id, Bundle args) {
if (search == null) {
return null;
} else {
String[] selectArgs = { search };
return new CursorLoader(getActivity(), table, createProjection, "?", selectArgs, null);
}
}
我正在试图找出异常,但请告诉我是否有更好的方法查询此数据 您选择的
参数中的?
数量必须与选择的gs
参数中的字符串数量相匹配。日志显示这些计数不匹配,但我们很难判断
我发现了问题,请不要将?
括在引号中,否则您实际上是在搜索问号。这是不正确的:
" like '?') OR "
而是使用:
" like ?) OR "
如果search
是用户输入,则应保护自己免受SQL注入攻击:
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?)))";
并创建一个新的selectionArgs
参数,如下所示:
String search = selectionArgs[0];
String[] matchArgs = { search, search + "%", "%" + search, "%" + search + "%" };
Cursor cursor10 = queryBuilder.query(mDB.getReadableDatabase(), projection,
outerSelection, matchArgs, null, null, sortOrder);
选择
参数中的?
数量必须与selectionArgs
参数中的字符串数量匹配。日志显示这些计数不匹配,但我们很难判断
我发现了问题,请不要将?
括在引号中,否则您实际上是在搜索问号。这是不正确的:
" like '?') OR "
而是使用:
" like ?) OR "
如果search
是用户输入,则应保护自己免受SQL注入攻击:
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?) OR "
+ "(" + ResponsesColumns.PRIMARYMATCH + " like ?)))";
并创建一个新的selectionArgs
参数,如下所示:
String search = selectionArgs[0];
String[] matchArgs = { search, search + "%", "%" + search, "%" + search + "%" };
Cursor cursor10 = queryBuilder.query(mDB.getReadableDatabase(), projection,
outerSelection, matchArgs, null, null, sortOrder);
谢谢我在把所有的部件组装起来时遇到了点麻烦。这个好多了,谢谢。我在把所有的部件组装起来时遇到了点麻烦。这样好多了。