Android的SQLiteException：綁定或列索引超出範圍問題

Question

在android中我使用以下語句。

model = dataHelper.rawQuery("SELECT _id, engword, lower(engword) as letter FROM word WHERE letter >= 'a' AND letter < '{' AND engword LIKE '%" + filterText + "%'", new String[ {"_id","engword", "lower(engword) as letter"}); 

它扔android.database.sqlite.SQLiteException: bind or column index out of range: handle 0x132330

什麼是我的代碼的問題？

Answer 1

正確的說法是：

model = dataHelper.rawQuery(" 
    SELECT _id, engword, lower(engword) as letter 
    FROM word W 
    HERE letter >= 'a' 
    AND letter < '{' 
    AND engword LIKE ? ORDER BY engword ASC 
    ", 
    new String[] {"%" + filterText + "%"} 
); 

Answer 2

您提供了3個參數，但在查詢中沒有?。傳遞null而不是字符串數組作爲第二個參數傳遞給rawQuery或?

1更換_id，engword和lower(engword) as letter在您選擇的字符串）

model = dataHelper.rawQuery("SELECT ?, ?, ? FROM word WHERE letter >= 'a' AND letter < '{' AND engword LIKE '%" + filterText + "%'",new String[] {"_id","engword", "lower(engword) as letter"}); 

2）

model = dataHelper.rawQuery("SELECT _id, engword, lower(engword) as letter FROM word WHERE letter >= 'a' AND letter < '{' AND engword LIKE '%" + filterText + "%'", null); 

編輯： 正如@Ewoks指出的那樣，選項（1）不正確，因爲預準備語句只能得到參數（？s）在WHERE子句中。

Answer 3

如果有人跟我一樣試圖（和失敗），以獲得這與getContentResolver().query在這裏工作我是怎麼做的：

* 更新多虧了@評論CL和@Wolfram Rittmeyer，因爲他們說這是一樣的rawQuery *

正確方法：

public static String SELECTION_LIKE_EMP_NAME = Columns.EMPLOYEE_NAME 
      + " like ?";    

    Cursor c = context.getContentResolver().query(contentUri, 
       PROJECTION, SELECTION_LIKE_EMP_NAME, new String[] { "%" + query + "%" }, null); 

以前的答案，這是開放的SQL注入攻擊：

public static String SELECTION_LIKE_EMP_NAME = Columns.EMPLOYEE_NAME 
      + " like '%?%'"; 

String selection = SELECTION_LIKE_EMP_NAME.replace("?", query); 

Cursor c = context.getContentResolver().query(contentUri, 
      PROJECTION, selection, null, null);