如何使用带有两个参数的 android SQLITE SELECT？

Question

这段代码return空cursor.What这里有错吗？ sqlitedb 中已有数据。

public static final String COL_2 =  "ID";
    public static final String COL_3 = "TYPE";

public Cursor checkData(String id, String type){
    SQLiteDatabase db = getWritableDatabase();
    Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME  + " WHERE " + COL_2 + " = " + id+ " AND " + COL_3 + " = " + type , null);
    return res;
}

Answer 1

终于解决了

public Cursor checkData(String id, String type){
        SQLiteDatabase db = getWritableDatabase();
        Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME  + " WHERE " + COL_2 + " = '" + id+ "' AND " + COL_3 + " =  '" + type +"'" , null);
        return res;
    }

Answer 2

如果 COL_3 类型是字符串试试这个：

Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME  + " WHERE " + COL_2 + " = " + id+ " AND " + COL_3 + " = '" + type + "'" , null);

Answer 3

当您将字符串作为参数传递时，您必须在 sql 语句中引用它们。
但是通过在 sql 代码中连接引用的字符串值，您的代码是不安全的。

推荐的方法是使用 ? 占位符：

public Cursor checkData(String id, String type){
    SQLiteDatabase db = getWritableDatabase();
    String sql = "SELECT * FROM "+ TABLE_NAME  + " WHERE " + COL_2 + " = ? AND " + COL_3 + " = ?";
    Cursor res = db.rawQuery(sql , new String[] {id, type});
    return res;
}

参数 id 和 type 在 rawQuery() 的第二个参数中作为字符串数组传递。

如何使用带有两个参数的 android SQLITE SELECT？

How to use android SQLITE SELECT with two parameters?

android-sqlite