转义引号android时出现SQL语法错误

时间:2018-07-26 16:39:31

标签: android sqlite escaping

好的,所以我正在为同学们构建一个应用程序,该应用程序从我的在线mysql数据库中获取程序并将其存储在本地sqlite数据库中。

但是它给了我一个错误,我也尝试了转义双引号和单引号,https://www.eversql.com/sql-syntax-check-validator/也验证了我的查询,但是我的应用仍然崩溃并给了我一个错误。

现在这些代码使用的是“ c”语言,因此包含了switch-case语句,并且当单引号出现在该switch case语句中时,问题就来了。

转义引号的代码:

public static void fromJSON(JSONArray jsonArray){

    try {
        String code;
        SplashScreen.titles.clear();
        SplashScreen.codes.clear();
        int length = jsonArray.length();
        for (int i = 0; i < length; i++) {

            SplashScreen.titles.add(jsonArray.getJSONObject(i).getString("title"));
            code = jsonArray.getJSONObject(i).getString("code");
            code = code.replaceAll("\'","\\\\\'");
            code = code.replaceAll("\"","\\\\\"");
            SplashScreen.codes.add(code);

        }
    }catch (Exception e)
    {
        Log.d("Practice", e.toString());
    }

}

,SQLite语句为:

public void updateDatabaseWithUpdate(String tableName)
{
    SQLiteDatabase SPADatabase = this.openOrCreateDatabase("myDatabase", MODE_PRIVATE, null);

    Log.d("getUpdateData", "Updating database : "+tableName);

    //SPADatabase.execSQL("DELETE FROM "+tableName);

    for(int i = 0; i<titles.size(); i++) {
        Log.d("trialanderror", codes.get(i));
        SPADatabase.execSQL("INSERT INTO " + tableName + " (title,code) VALUES ('" + titles.get(i) + "','" + codes.get(i) + "')");
    }

    //Toast.makeText(this, tableName+" Database updated!", Toast.LENGTH_SHORT).show();

    setLocalCounts();

    //Log.d("dbCount", tableName+" dbCount = "+dbCount);


}

我得到的错误:

07-26 21:58:08.448 8919-8919/com.femindharamshi.spa E/SQLiteLog: (1) near "c": syntax error
07-26 21:58:08.449 8919-8919/com.femindharamshi.spa D/AndroidRuntime: Shutting down VM
07-26 21:58:08.450 8919-8919/com.femindharamshi.spa E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.femindharamshi.spa, PID: 8919
    android.database.sqlite.SQLiteException: near "c": syntax error (code 1): , while compiling: INSERT INTO controlstructures (title,code) VALUES ('WAP to perform Math Operators on a menu based program','#include<conio.h>
    #include<stdio.h>
    #include<math.h>
    void main()
    {
        double x;
        char M;
        clrscr();
        printf(\"Enter Value of X :\");
        scanf(\"%lf\", &x);
        printf(\"Enter your choice : \n\");
        printf(\"c or C for ceil\nf or F for floor\ne or E for exp\ns or S for sqrt \nl or L fir log\na or A for fabs : \n\");
        scanf(\"%s\", &M);

        switch(M)
        {
          case \'c\':
          case \'C\':printf(\"Ceil = %lf\", ceil(x));
                      break;

          case \'f\':
          case \'F\':printf(\"Floor = %f\", floor(x));
                      break;

          case \'e\':
          case \'E\':printf(\"Exp = %lf\", exp(x));
                      break;

          case \'s\':
          case \'S\':printf(\"Sqrt = %lf\", sqrt(x));
                      break;

          case \'l\':
          case \'L\':printf(\"Log = %lf\", log(x));
                      break;

          case \'a\':
          case \'A\':printf(\"fabs(x) = \", fabs(x));
                      break;
          default: printf(\"INVALID INPUT\");

        }



        getch();
    }')
        at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
        at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:889)
        at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:500)
        at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
        at android.database.sqlite.SQLiteProgram.(SQLiteProgram.java:58)
        at android.database.sqlite.SQLiteStatement.(SQLiteStatement.java:31)
        at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1677)
        at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1608)
        at com.femindharamshi.spa.SplashScreen.updateDatabaseWithUpdate(SplashScreen.java:495)
        at com.femindharamshi.spa.SplashScreen$5.onSuccess(SplashScreen.java:473)
        at com.loopj.android.http.JsonHttpResponseHandler$1$1.run(JsonHttpResponseHandler.java:154)
        at android.os.Handler.handleCallback(Handler.java:789)
        at android.os.Handler.dispatchMessage(Handler.java:98)
        at android.os.Looper.loop(Looper.java:164)
        at android.app.ActivityThread.main(ActivityThread.java:6541)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:240)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:767)

1 个答案:

答案 0 :(得分:2)

SQL不是C,并且不使用C转义规则。

在SQL字符串中,不能转义双引号,并且必须将双引号''翻双。

但是,为避免此类格式化问题,请更好地使用参数(其中的值根本不需要转义):

SPADatabase.execSQL("INSERT INTO " + tableName + " (title,code) VALUES (?,?)",
                    new Object[]{ titles.get(i), codes.get(i) });

或者避免完全通过使用helper function like insert()来编写SQL命令。

相关问题
最新问题