本文介绍了一个常见的SQLite查询错误,即忘记在查询字符串中使用占位符。通过对比错误和正确的代码示例,详细解释了如何正确地使用参数化查询来避免SQL注入风险。
今天写一个登录的时候查询数据库时报了这样的错误
出错代码:
private PhoneNumber queryPhone(String phonenumber) {
SQLiteDatabase sqLiteDatabase = DB.getWritableDatabase();
PhoneNumber phoneNumber = new PhoneNumber();
Cursor cursor = sqLiteDatabase.query("PhoneNumber", new String[] {
"id", "phonenumber", "passwd", "username" }, "phonenumber",
new String[] { phonenumber }, null, null, null);
while (cursor.moveToNext()) {
phoneNumber.id = cursor.getInt(cursor.getColumnIndex("id"));
phoneNumber.phoneNumber = cursor.getString(cursor
.getColumnIndex("phonenumber"));
phoneNumber.passwd = cursor.getString(cursor
.getColumnIndex("passwd"));
phoneNumber.username = cursor.getString(cursor.getColumnIndex("username"));
}
DB.close();
sqLiteDatabase.close();
return phoneNumber;
}
查询条件忘记加“=?”了
改正之后代码:
private PhoneNumber queryPhone(String phonenumber) {
SQLiteDatabase sqLiteDatabase = DB.getWritableDatabase();
PhoneNumber phoneNumber = new PhoneNumber();
Cursor cursor = sqLiteDatabase.query("PhoneNumber", new String[] {
"id", "phonenumber", "passwd", "username" }, "phonenumber=?",
new String[] { phonenumber }, null, null, null);
while (cursor.moveToNext()) {
phoneNumber.id = cursor.getInt(cursor.getColumnIndex("id"));
phoneNumber.phoneNumber = cursor.getString(cursor
.getColumnIndex("phonenumber"));
phoneNumber.passwd = cursor.getString(cursor
.getColumnIndex("passwd"));
phoneNumber.username = cursor.getString(cursor.getColumnIndex("username"));
}
DB.close();
sqLiteDatabase.close();
return phoneNumber;
}这样就对了 记录下 下次不要犯这样的错误
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
