Android SQLite select * from table where name like％key％using prepared statements

概述参见英文答案 > cant use like clause in android app                                    6 我想使用预备的语句来防止在SQL SQL数据库上的sql注入.但是,当查询包含Like并且与Where name =？一起工作时,rawquery会崩溃？ 有没有办法在Android SQLite数据库中使用类似和准备好的语句？ 这是查 参见英文答案 > cant use like clause in android app6
我想使用预备的语句来防止在sql sql数据库上的sql注入.但是,当查询包含like并且与Where name =？一起工作时,rawquery会崩溃？
有没有办法在AndroID sqlite数据库中使用类似和准备好的语句？

这是查询：

sqlquery = "SELECT * FROM " + table_CALLS + " where " + CALLER_name + " like ? ColLATE NOCASE or " + CALLER_NBR + " like ? or " + CALLER_EXT + " like ?" + " or " + IS_OUTGOING + " like ?  ColLATE NOCASE or " + TYPE + " like ? ColLATE NOCASE";Cursor cursor = database.rawquery(sqlquery,new String[]{"%" + criterion + "%","%" + criterion + "%","%" + criterion + "%"});

它会使绑定或列索引超出范围
谢谢.

解决方法

if (name.length() != 0) {        name = "%" + name + "%";    }    if (email.length() != 0) {        email = "%" + email + "%";    }    if (Phone.length() != 0) {        Phone = "%" + Phone + "%";    }    String selectquery = " select * from tbl_Customer where Customer_name like  '"            + name            + "' or Customer_Email like '"            + email            + "' or Customer_Phone like '"            + Phone            + "' ORDER BY Customer_ID DESC";    Cursor cursor = mDb.rawquery(selectquery,null);`

总结

以上是内存溢出为你收集整理的Android SQLite select * from table where name like％key％using prepared statements全部内容，希望文章能够帮你解决Android SQLite select * from table where name like％key％using prepared statements所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。