如何在rawQuery的wherearg字段中使用字符串變量？

Question

我收到的時候我使用這個代碼正確的輸出：

c=sdb.rawQuery("select * from " + TABLE_ShopDetails + " where " + COL_UN + "=? and " + COL_PWD + "=? " , new String[]{"pavan@demart","pavandemart"}); 

但是當我使用：

c=sdb.rawQuery("select * from " + TABLE_ShopDetails + " where " + COL_UN + "=? and " + COL_PWD + "=? " , new String[]{un,pwd}); 

我沒有得到預期的結果。有人可以告訴我在rawQuery的where子句中使用字符串變量的正確方法。我只想使用字符串變量而不是字符串文字。

在此先感謝。

public class DatabaseHelper extends SQLiteOpenHelper { 
     private static final String TAG=DatabaseHelper.class.getSimpleName(); 

     // Logcat tag 
     private static final String LOG = "DatabaseHelper"; 


     // Database Version 
     private static final int DATABASE_VERSION = 2; 

     // Database Name 
     private static final String DATABASE_NAME = "ShopDatabase"; 

     // Table Names 
     private static final String TABLE_Products = "Products"; 
     private static final String TABLE_ShopDetails = "ShopDetails"; 
     private static final String TABLE_Feesdback = "Feesdback"; 


     //Products column names 
     private static final String COL_PN = "ProductName"; 
     private static final String COL_PT = "ProductType"; 
     private static final String COL_COMP = "Company"; 
     private static final String COL_PR = "Price"; 
     private static final String COL_QT = "Quantity"; 

     // ShopDetails Table - column nmaes 
     private static final String COL_SN = "ShopName"; 
     private static final String COL_SKN = "ShopkeeperName"; 
     private static final String COL_SA = "Address"; 
     private static final String COL_UN = "Username"; 
     private static final String COL_PWD = "Password"; 

     //Feesdback table column names 
     private static final String COL_FPN = "PName"; 
     private static final String COL_FB = "Feesdback"; 


     // Table Create Statements 
     // Todo table create statement 
     private static final String CREATE_TABLE_PRODUCTS = " CREATE TABLE " 
       + TABLE_Products + " (" + COL_PN + " TEXT PRIMARY KEY, " + COL_PT + " TEXT, " + COL_COMP + " TEXT, " + COL_PR + " REAL, " +COL_QT+ " INTEGER " + ") "; 



     // Tag table create statement 
     private static final String CREATE_TABLE_SHOPDETAILS = " CREATE TABLE " 
       + TABLE_ShopDetails + " (" + COL_SN + " TEXT PRIMARY KEY, " + COL_SKN + " TEXT, " + COL_SA + " TEXT, " + COL_UN + " TEXT, " +COL_PWD+ " TEXT " + ") "; 

     private static final String CREATE_TABLE_FEEDBACK = " CREATE TABLE " 
       + TABLE_Feesdback + " (" +COL_FPN + " TEXT PRIMARY KEY, " + COL_FB + " TEXT " + ") "; 

     private static Context context; 

     public static SQLiteDatabase sdb; 

      Cursor c; 

      String username,password; 

     public DatabaseHelper(Context context) { 
      super(context, DATABASE_NAME, null, DATABASE_VERSION); 
     } 



     //TODO Auto-generated constructor stub 





     @Override 
     public void onCreate(SQLiteDatabase sdb) { 

      // creating required tables 
      sdb.execSQL(CREATE_TABLE_PRODUCTS); 


      sdb.execSQL(CREATE_TABLE_SHOPDETAILS); 
      sdb.execSQL(CREATE_TABLE_FEEDBACK); 

      sdb.execSQL("insert into " + TABLE_Products + " values('Rice','Grocery','Balaji',70.00,30)"); 
      sdb.execSQL("insert into " + TABLE_Products + " values('Oil','Grocery','SunFlower',45.00,20)"); 
      sdb.execSQL("insert into " + TABLE_Products + " values('Gelgyme','Laundry','Amway',600.00,20)"); 
      sdb.execSQL("insert into " + TABLE_ShopDetails + " values('Demart','Pavan','Malakpet','pavan@demart','pavandemart')"); 
      sdb.execSQL("insert into " + TABLE_ShopDetails + " values('More','Ragavendra','Kothapet','ragavendra@more','ragavendramore')"); 

      System.out.println("in oncreate"); 
     } 

     @Override 
     public void onUpgrade(SQLiteDatabase sdb, int oldVersion, int newVersion) { 
      // on upgrade drop older tables 
      sdb.execSQL("DROP TABLE IF EXISTS" + TABLE_Products); 
      sdb.execSQL("DROP TABLE IF EXISTS" + TABLE_ShopDetails); 

      // create new tables 
      onCreate(sdb); 
     } 

     public void open() 
     { 
      sdb=this.getWritableDatabase(); 
     } 

     public void close() 
     { 
      getWritableDatabase().close(); 
     } 


     public int validate(String un,String pwd) 
     { 
      sdb=this.getReadableDatabase(); 
     System.out.println("in validate method"); 

      username=un; 
      password=pwd; 
      System.out.println(username); 
      System.out.println(password); 
      int flag=0; 
      Log.d(TAG, un); 
      Log.d(TAG, pwd); 

      //String[] qry={"pavan@demart","pavandemart"}; 
      System.out.println("in validate strings" + un + "," + pwd); 
     //worked 
      c=sdb.rawQuery("select * from " + TABLE_ShopDetails + " where " + COL_UN + "=? and " + COL_PWD + "=? " , new String[]{un,pwd}); 
     //c=sdb.rawQuery(" select * from " + TABLE_ShopDetails + " where " + COL_UN + "= '" + username + "' and " + COL_PWD + "= '" + password + "' ", null); 
     //c=sdb.query(TABLE_ShopDetails, null, "Username=? and Password=?", qry, null, null, null); 


      System.out.println("before while in try"); 
      if(c!=null) 
      { 
     if(c.moveToNext()) 
     { 
      System.out.println("in while "); 
       flag=1; 
      } 
      } 
      else 
        System.out.println("c is null"); 
      c.close(); 
      sdb.close(); 
      return flag; 
      } 


    } 

Answer 1

考慮下面的例子作爲參考來修復你的代碼，我認爲這個問題是與參數的字符串數組傳遞到rawQuery

public Cursor getTrailByType(String id) { 
    String[] args={id}; 

    return(getReadableDatabase() 
      rawQuery("SELECT _id, NAME FROM trail WHERE TYPE_id=? OR ENT=?", 
       args)); 
    }