使用字母时,Android SQLite崩溃

时间:2016-09-30 08:48:09

标签: android sqlite android-sqlite

我的android代码将字符串保存到SQlite数据库,只有在我使用数字时它才有效。如果我使用字母,它会崩溃。

这是代码:

final SQLiteDatabase mydatabase = openOrCreateDatabase("localdatabase",MODE_PRIVATE,null);
mydatabase.execSQL("CREATE TABLE IF NOT EXISTS SPENT(id INTEGER PRIMARY KEY AUTOINCREMENT, date VARCHAR, value VARCHAR,label1 " +
    "VARCHAR,label2 VARCHAR,label3 VARCHAR,label4 VARCHAR,label5 VARCHAR);");

String  uniqueID = UUID.randomUUID().toString();
long unixTime = System.currentTimeMillis() / 1000L;

EditText et1 = (EditText) findViewById(R.id.editText);
EditText et2 = (EditText) findViewById(R.id.editText2);
EditText et3 = (EditText) findViewById(R.id.editText3);
EditText et4 = (EditText) findViewById(R.id.editText4);
EditText et5 = (EditText) findViewById(R.id.editText5);
EditText et6 = (EditText) findViewById(R.id.editText6);

String str1 = et1.getText().toString();
String str2 = et2.getText().toString();
String str3 = et3.getText().toString();
String str4 = et4.getText().toString();
String str5 = et5.getText().toString();
String str6 = et6.getText().toString();

if (str1.isEmpty()){str1 = "0";};
if (str2.isEmpty()){str2 = "0";};
if (str3.isEmpty()){str3 = "0";};
if (str4.isEmpty()){str4 = "0";};
if (str5.isEmpty()){str5 = "0";};
if (str6.isEmpty()){str6 = "0";};

String Msg = "WriteNewLoan,"+userName+","+unixTime+","+str1+","+str2+","
    +str3+","+str4+","+str5+","+str6+","+uniqueID+","+base64PW;

mydatabase.execSQL("INSERT INTO LOAN VALUES("+unixTime+","+str1+","+str2
    +","+str3+","+str4+","+str5+","+str6+");");

这是catlog中的错误:

Process: com.spendingtracker.readdeo.spendingtracker, PID: 21859
android.database.sqlite.SQLiteException: unrecognized token: "2hvg" (code 1): , while compiling: INSERT INTO SPENT (date,value,label1,label2,label3,label4,label5) VALUES(1475224906,0,0,2hvg,0,0,0);
    at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
    at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:889)
    at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:500)
    at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
    at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
    at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:31)
    at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1674)
    at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1605)
    at com.spendingtracker.readdeo.spendingtracker.MainActivity$4.onClick(MainActivity.java:242)
    at android.view.View.performClick(View.java:5204)
    at android.view.View$PerformClick.run(View.java:21156)
    at android.os.Handler.handleCallback(Handler.java:739)
    at android.os.Handler.dispatchMessage(Handler.java:95)
    at android.os.Looper.loop(Looper.java:148)
    at android.app.ActivityThread.main(ActivityThread.java:5466)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

错误指向此行:

mydatabase.execSQL("INSERT INTO SPENT (date,value,label1,label2,label3,label4,label5) VALUES("+unixTime+","+str1+","+str2
    +","+str3+","+str4+","+str5+","+str6+");");

无法识别的令牌:“2hvg”是来自EditText的字符串,如果它不仅包含数字,则会使其崩溃。

你能否告诉我为什么这不能用于信件?我试图用TEXT替换VARCHAR,但没有任何改变。

3 个答案:

答案 0 :(得分:1)

首先是解决方案。

您的查询中的问题是您错过了转义值,正如其他人所说的那样。

所以在每个字符串之前和之后添加'

mydatabase.execSQL("INSERT INTO SPENT (date,value,label1,label2,label3,label4,label5) VALUES('"+unixTime+"','"+str1+"','"+str2
                        +"','"+str3+"','"+str4+"','"+str5+"','"+str6+"');");

现在,说这个,我不得不说你使用的方法不是最好的方法,出于安全原因和代码简洁性

如果您需要插入数据,请使用经典SqliteDatabase Insert function here is the doc about it

ContentValues values = new ContentValues();
values.put("date", myDateString);
values.put("value", myValueString);
...//and so on

db.insert(tableName, null, values);

你完成了。希望这有帮助

答案 1 :(得分:0)

尝试使用'。

转义字符串
mydatabase.execSQL("INSERT INTO SPENT (date,value,label1,label2,label3,label4,label5) VALUES('"+unixTime+"','"+str1+"','"+str2
                        +"','"+str3+"','"+str4+"','"+str5+"','"+str6+"');");

答案 2 :(得分:-1)

您需要在值周围添加引号,如:

mydatabase.execSQL("INSERT INTO SPENT (date,value,label1,label2,label3,label4,label5) VALUES('"+unixTime+"','"+str1+"','"+str2+"','"+str3+"','"+str4+"','"+str5+"','"+str6+"');");