Ios *insertsql处的语法错误&*querysql阶段
Ios *insertsql处的语法错误&*querysql阶段,ios,objective-c,Ios,Objective C,*insertsql&*querysql阶段出现语法错误。 这里动态创建SQL表&插入的值在SQL表上。我没有更多的SQL知识。使用这个字符串 - (BOOL) saveData:(NSString*)registerNumber name:(NSString*)name department:(NSString*)department year:(NSString*)year; { const char *dbpath = [databas
*insertsql&*querysql
阶段出现语法错误。
这里动态创建SQL表&插入的值在SQL表上。我没有更多的SQL知识。使用这个字符串
- (BOOL) saveData:(NSString*)registerNumber name:(NSString*)name
department:(NSString*)department year:(NSString*)year;
{
const char *dbpath = [databasePath UTF8String];
if (sqlite3_open(dbpath, &database) == SQLITE_OK)
{
//here syntax error comes..
NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values ("\"%d\",\"%@\", \"%@\", \"%@\")",[registerNumber integerValue],name, department, year];
const char *insert_stmt = [insertSQL UTF8String];
sqlite3_prepare_v2(database, insert_stmt,-1, &statement, NULL);
if (sqlite3_step(statement) == SQLITE_DONE)
{
return YES;
}else {
return NO;
}
sqlite3_reset(statement);
}
return NO;
}
- (NSArray*) findByRegisterNumber:(NSString*)registerNumber
{
const char *dbpath = [databasePath UTF8String];
if (sqlite3_open(dbpath, &database) == SQLITE_OK)
{
NSString *querySQL = [NSString stringWithFormat:"select name, department, year from studentsDetail where regno=\"%@\" ",registerNumber];
const char *query_stmt = [querySQL UTF8String];
NSMutableArray *resultArray = [[NSMutableArray alloc]init];
if (sqlite3_prepare_v2(database,query_stmt, -1, &statement, NULL) == SQLITE_OK)
{
if (sqlite3_step(statement) == SQLITE_ROW)
{
NSString *name = [[NSString alloc] initWithUTF8String:(const char *) sqlite3_column_text(statement, 0)];
[resultArray addObject:name];
NSString *department = [[NSString alloc] initWithUTF8String:(const char *) sqlite3_column_text(statement, 1)];
[resultArray addObject:department];
NSString *year = [[NSString alloc]initWithUTF8String:(const char *) sqlite3_column_text(statement, 2)];
[resultArray addObject:year];
return resultArray;
}else{
NSLog(@"Not found");
return nil;
}
sqlite3_reset(statement);
}
}
return nil;
}
使用这个字符串
NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values (\"\"%d\",\"%@\", \"%@\", \"%@\")",[registerNumber integerValue],
name, department, year];
我想你在
\%d\”
之前添加了额外的“
,因此我在字符串中删除了它。如果有帮助,请尝试。你阅读了我对上一个问题的回答吗?这里似乎是完全相同的错误。该问题已被编辑,因此无法再看到原始问题。(将字符串常量跨多行错误拆分,与上一个问题相同。)SQL注入警报!SQL注入警报!SQL注入警报!SQL注入警报!@trojanfoe我刚刚纠正了字符串语法错误。仅此而已。这仍然是一个糟糕的做法;鼓励OP改用绑定变量。@trojanfoe但他只要求在我没有错的情况下出现语法错误。您好,这个答案有用吗?
NSString *insertSQL = [NSString stringWithFormat:@ "insert into studentsDetail (regno,name, department, year) values (\"%d\",\"%@\", \"%@\", \"%@\")",num,name, department, year];