我是Android和SQLite的新手。这个查询看起来对吗?当我在没有变量的情况下对数据库管理器进行查询时,它工作正常,直到我在最后添加第二个变量。
Cursor cursor = database.rawQuery("SELECT car FROM cars WHERE color = " + color + " AND equipment = " + equipment + ";", null);
答案 0 :(得分:1)
您缺少单引号。如果有效,请尝试此查询。
Cursor cursor = database.rawQuery("SELECT car FROM cars WHERE color = " + DatabaseUtils.sqlEscapeString(String.valueOf(color)) + " AND equipment = " + DatabaseUtils.sqlEscapeString(String.valueOf(equipment)), null);
答案 1 :(得分:0)
为了简化格式设置并避免SQL注入攻击,您应该使用字符串值的参数:
database.rawQuery("SELECT car FROM cars WHERE color = ? AND equipment = ?",
new String[]{ color, equipment });