我正在使用ORMLite,使用Table RecentSearch:
@DatabaseTable(tableName = LocalStorageConfig.SQL_RECENTS_TABLE_NAME)
public class RecentSearch {
@DatabaseField
public String search_text;
public static String SQL_SEARCH_FIELD = "search_text";
@DatabaseField
public String location_text;
public static String SQL_LOCATION_FIELD = "location_text";
@DatabaseField
public Date creation_date = new Date();
public static String SQL_CREATION_DATE_FIELD = "creation_date";
它几乎一直在工作,但当我发现包含’的字符串的情况时,它似乎是一个问题.你知道怎么解决这个问题吗?我找不到我要找的东西.
这是我删除最近的功能
public boolean deleteRecent(RecentSearch search) {
try {
Dao<RecentSearch,Integer> recentsDao = recentsSqlManager.getRecentsDao();
DeleteBuilder<RecentSearch,Integer> deleteBuilder = recentsDao.deleteBuilder();
deleteBuilder.where().eq(RecentSearch.SQL_SEARCH_FIELD,search.getSearch_text()).and().eq(RecentSearch.SQL_LOCATION_FIELD,search.location_text);
recentsDao.delete(deleteBuilder.prepare());
return true;
} catch (Exception e) {
Log.e(TAG,"Database exception",e);
return false;
}
}
这是我得到的例外情况:
java.sql.SQLException: Problems executing Android statement: DELETE FROM `recent_searches` WHERE (`search_text` = '' AND `location_text` = 'Villefranche-d'Allier,Allier' )
at com.j256.ormlite.misc.SqlExceptionUtil.create(SqlExceptionUtil.java:22)
at com.j256.ormlite.android.AndroidCompiledStatement.runUpdate(AndroidCompiledStatement.java:66)
at com.j256.ormlite.stmt.StatementExecutor.delete(StatementExecutor.java:425)
at com.j256.ormlite.dao.BaseDaoImpl.delete(BaseDaoImpl.java:347)
...
Caused by: android.database.sqlite.SQLiteException: near "Allier": syntax error:,while compiling: DELETE FROM `recent_searches` WHERE (`search_text` = '' AND `location_text` = 'Villefranche-d'Allier,Allier' )
at android.database.sqlite.SQLiteCompiledSql.native_compile(Native Method)
at android.database.sqlite.SQLiteCompiledSql.compile(SQLiteCompiledSql.java:92)
at android.database.sqlite.SQLiteCompiledSql.<init>(SQLiteCompiledSql.java:65)
at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:83)
at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:41)
at android.database.sqlite.SQLiteDatabase.compileStatement(SQLiteDatabase.java:1149)
解决方法
在
ORMLite中,当您尝试使用引号构建查询时,应该使用SelectArg功能,该功能将使用SQL生成查询?参数然后直接将字符串传递给预准备语句.这解决了转义特殊字符的任何问题,并保护您免受SQL注入安全问题的影响.见
documentation on
SelectArg.
使用SelectArg,您可以执行以下操作:
DeleteBuilder<RecentSearch,Integer> deleteBuilder = recentsDao.deleteBuilder();
// create our argument which uses a SQL ?
SelectArg locationArg = new SelectArg(search.location_text);
deleteBuilder.where().eq(RecentSearch.SQL_SEARCH_FIELD,search.getSearch_text())
.and().eq(RecentSearch.SQL_LOCATION_FIELD,locationArg);
recentsDao.delete(deleteBuilder.prepare());
...
