我想从表中删除与数组中的ID匹配的所有行。我可以通过以下两种方法之一来做到这两点(两者都有效)。你能建议哪一个更好吗?
方法1:
public void deleteRec(String[] ids) { //ids is an array
SQLiteDatabase db = this.getWritableDatabase();
db.delete(TABLE_NAME, KEY_ID+" IN (" + new String(new char[ids.length-1]).replace("\0", "?,") + "?)", ids);
db.close();
}
方法2:
public void deleteRec(String[] ids) { //ids is an array
String allid = TextUtils.join(", ", ids);
SQLiteDatabase db = this.getWritableDatabase();
db.execSQL(String.format("DELETE FROM "+TABLE_NAME+" WHERE "+KEY_ID+" IN (%s);", allid));
db.close();
}
答案 0 :(得分:6)
忘了第二种方法!
你的ids都是来自数字的字符串(否则SQL会失败),但对于通用字符串数据,将数据传递到SQL语句绝不是一个好主意。使您的应用程序容易受到SQL注入:
String.format("DELETE FROM t WHERE ID='%s', "1' AND 1=1 --")
// = "DELETE FROM t WHERE ID='1' AND 1=1 --'" => would delete all data!
并且可能会使您的SQL语句失败:
String.format("DELETE FROM t WHERE v='%s', "It's me!")
// = "DELETE FROM t WHERE v='It's me!'" => syntactically incorrect (quote not escaped)!
编辑:由于ids作为字符串数组提供,KEY_ID可能引用INT列,因此方法1应适用于:
db.delete(TABLE_NAME, "CAST("+KEY_ID+" AS TEXT) IN (" + new String(new char[ids.length-1]).replace("\0", "?,") + "?)", ids);
答案 1 :(得分:4)
尝试这可能它会帮助你:
String[] Ids = ......; //Array of Ids you wish to delete.
String whereClause = String.format(COL_NAME + " in (%s)", new Object[] { TextUtils.join(",", Collections.nCopies(Ids.size(), "?")) });
db.delete(TABLE_NAME, whereClause, Ids);
答案 2 :(得分:0)
阅读此documentation它说你不应该将execSQL与INSERT,DELETE,UPDATE或SELECT一起使用,因为它可能存在潜在的安全风险。我仍然相信第一个表现更好。
答案 3 :(得分:0)
我用了这个:
String[] Ids = new String[]{"1", "2", "3"};
mContext.getContentResolver().delete(CONTENT_URI, ID + " IN (?, ?, ?)",Ids);
多?工作。
答案 4 :(得分:-6)
试试这个
public void deleteRec(String[] ids) { //ids is an array
SQLiteDatabase db = this.getWritableDatabase();
for (int i = 0; i < ids.length; i++) {
//Your code for delete
}
db.close();
}