Fatal编程技术网
  • ios/
  • Ios *insertsql处的语法错误&*querysql阶段

Ios *insertsql处的语法错误&*querysql阶段

ios objective-c

Ios *insertsql处的语法错误&*querysql阶段,ios,objective-c,Ios,Objective C,*insertsql&*querysql阶段出现语法错误。 这里动态创建SQL表&插入的值在SQL表上。我没有更多的SQL知识。使用这个字符串 - (BOOL) saveData:(NSString*)registerNumber name:(NSString*)name department:(NSString*)department year:(NSString*)year; { const char *dbpath = [databas

*insertsql&*querysql
阶段出现语法错误。 这里动态创建SQL表&插入的值在SQL表上。我没有更多的SQL知识。

使用这个字符串

- (BOOL) saveData:(NSString*)registerNumber name:(NSString*)name
                   department:(NSString*)department year:(NSString*)year;
   {
     const char *dbpath = [databasePath UTF8String];
     if (sqlite3_open(dbpath, &database) == SQLITE_OK)
   {
    //here syntax error comes..
     NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values ("\"%d\",\"%@\", \"%@\", \"%@\")",[registerNumber integerValue],name, department, year];
     const char *insert_stmt = [insertSQL UTF8String];
     sqlite3_prepare_v2(database, insert_stmt,-1, &statement, NULL);

     if (sqlite3_step(statement) == SQLITE_DONE)
        {
            return YES;
        }else {
            return NO;
        }
            sqlite3_reset(statement);
        }
            return NO;
        }

- (NSArray*) findByRegisterNumber:(NSString*)registerNumber
     {
        const char *dbpath = [databasePath UTF8String];
        if (sqlite3_open(dbpath, &database) == SQLITE_OK)
        {
          NSString *querySQL = [NSString stringWithFormat:"select name, department, year from studentsDetail where regno=\"%@\" ",registerNumber];
          const char *query_stmt = [querySQL UTF8String];
          NSMutableArray *resultArray = [[NSMutableArray alloc]init];

          if (sqlite3_prepare_v2(database,query_stmt, -1, &statement, NULL) == SQLITE_OK)
            {
                if (sqlite3_step(statement) == SQLITE_ROW)
                   {
                     NSString *name = [[NSString alloc] initWithUTF8String:(const char *) sqlite3_column_text(statement, 0)];
                     [resultArray addObject:name];
                     NSString *department = [[NSString alloc] initWithUTF8String:(const char *) sqlite3_column_text(statement, 1)];
                     [resultArray addObject:department];
                     NSString *year = [[NSString alloc]initWithUTF8String:(const char *) sqlite3_column_text(statement, 2)];
                     [resultArray addObject:year];
                     return resultArray;
                   }else{
                      NSLog(@"Not found");
                      return nil;
                    }
                    sqlite3_reset(statement);
                }
              }
            return nil;
         }
使用这个字符串

 NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values (\"\"%d\",\"%@\", \"%@\", \"%@\")",[registerNumber integerValue],
                                        name, department, year];
我想你在
\%d\”
之前添加了额外的
,因此我在字符串中删除了它。如果有帮助,请尝试。

你阅读了我对上一个问题的回答吗?这里似乎是完全相同的错误。该问题已被编辑,因此无法再看到原始问题。(将字符串常量跨多行错误拆分,与上一个问题相同。)SQL注入警报!SQL注入警报!SQL注入警报!SQL注入警报!@trojanfoe我刚刚纠正了字符串语法错误。仅此而已。这仍然是一个糟糕的做法;鼓励OP改用绑定变量。@trojanfoe但他只要求在我没有错的情况下出现语法错误。您好,这个答案有用吗? 
NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values (\"%d\",\"%@\", \"%@\", \"%@\")",num,name, department, year];