进入Android应用程序的ContentProvider(java),我有以下SQLiteDatabase查询:
db.execsql("SELECT " +
FormsColumns._ID + ", " +
FormsColumns.DISPLAY_NAME + ", " +
FormsColumns.DISPLAY_SUBTEXT + ", " +
FormsColumns.DESCRIPTION + ", " +
FormsColumns.JR_FORM_ID + ", " +
FormsColumns.MD5_HASH + ", " +
FormsColumns.DATE + ", " +
FormsColumns.FORM_MEDIA_PATH + ", " +
FormsColumns.FORM_FILE_PATH + ", " +
FormsColumns.LANGUAGE + ", " +
FormsColumns.SUBMISSION_URI + ", " +
"CASE WHEN " + MODEL_VERSION + " IS NOT NULL THEN " +
"CAST(" + MODEL_VERSION + " AS TEXT) ELSE NULL END, " +
((oldVersion != 3) ? "" : (FormsColumns.BASE64_RSA_PUBLIC_KEY + ", ")) + FormsColumns.JRCACHE_FILE_PATH + " " +
"FROM " + FORMS_TABLE_NAME);
这不是一个简单的查询,我知道如何使用SQLiteDatabase.query()方法重构一个简单的查询以防止SQL注入,但是在这种情况下,我不知道如何解决此问题。 如果我将SQLiteStatements类与“?”一起使用代替要更改的变量,它可以工作吗? 你们都如何建议我解决? 谢谢。