我的主要活动将字符串传递给另一个活动(我们只是将其称为子活动)。在这个子活动中,我需要在游标原始查询中使用该字符串来从数据库中选择与字符串匹配的数据。
public class RestaurantsInfo extends ListActivity {
static final String restaurantListTable = "RestaurantList";
static final String colRestaurantID = "RestaurantID";
static final String colRestaurantName = "RestaurantName";
static final String colRestaurantStore = "StoreNo";
static final String colRestaurantAddress = "StoreAddress";
public String strRestaurantName;
RestaurantDB db = null;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_listview);
db=new RestaurantDB(RestaurantsInfo.this);
Intent intent = getIntent();
Bundle extras = intent.getExtras();
String strRestaurantName = extras.getString("RestaurantName");
setTitle(strRestaurantName);
getData();
}
private Cursor doQuery(String strRestaurantName) {
return(db.getReadableDatabase().rawQuery("SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
" FROM "+restaurantListTable+" WHERE "+colRestaurantName+" = strRestaurantName ORDER BY "+colRestaurantStore+"", null));
}
public void getData() {
SimpleCursorAdapter adapter;
if (Build.VERSION.SDK_INT>=Build.VERSION_CODES.HONEYCOMB) {
adapter=new SimpleCursorAdapter(this, R.layout.activity_address,
doQuery(strRestaurantName), new String[] {
RestaurantDB.colRestaurantName,
RestaurantDB.colRestaurantStore,
RestaurantDB.colRestaurantAddress },
new int[] { R.id.textView1, R.id.textView2, R.id.textView3 },
0);
}
else {
adapter=new SimpleCursorAdapter(this, R.layout.activity_address,
doQuery(strRestaurantName), new String[] {
RestaurantDB.colRestaurantName,
RestaurantDB.colRestaurantStore,
RestaurantDB.colRestaurantAddress },
new int[] { R.id.textView1, R.id.textView2, R.id.textView3 });
}
setListAdapter(adapter);
}
}
从代码中可以看出,我尝试传递字符串strRestaurantName并在查询中的WHERE中使用它,但它不起作用!日志文件中写着“没有strRestaurantName这样的列”,但我并不认为它是一个列。我尝试了doQuery()而不是doQuery(strRestaurantName),但它也给出了同样的错误。我该怎么办?
答案 0 :(得分:1)
您必须用引号括起SQL字符串:
"WHERE "+colRestaurantName+" = '" + strRestaurantName + "'"
(我有一点倒退,抱歉)。
虽然你应该使用参数化来防止SQL注入攻击。如:
return(db.getReadableDatabase().rawQuery(
"SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
" FROM "+restaurantListTable+
" WHERE "+colRestaurantStore+" = ?" +
" ORDER BY "+colRestaurantStore,
new String[] {strRestaurantName}));
当intent和bundle放在onCreate()中时,我的私有doQuery()似乎无法检索strRestaurantName的值。
您不小心创建了名为strRestaurantName的两个变量...您在onCreate()中有字段变量和局部变量。改变这一行:
String strRestaurantName = extras.getString("RestaurantName");
对此:
strRestaurantName = extras.getString("RestaurantName");
现在,您只有一个strRestaurantName,它将在doQuery()中具有相应的值。
答案 1 :(得分:0)
您没有附加变量,而只是附加字符串 Donot在变量名strRestaurantName
周围加上引号+" WHERE "+colRestaurantName+" = " +strRestaurantName+ "ORDER BY "+colRestaurantStore+""
答案 2 :(得分:0)
这不是您方法中的有效SQL查询您可以尝试:
private Cursor doQuery(String strRestaurantName) {
return(db.getReadableDatabase().rawQuery("SELECT "+colRestaurantID+" AS _id, "+colRestaurantName+", "+colRestaurantStore+", "+colRestaurantAddress+
" FROM "+restaurantListTable+" WHERE "+colRestaurantName+" = "+ strRestaurantName +" ORDER BY "+colRestaurantStore+"", null));
}