-3
我正在使用Android的SQLite存储选项来存储书籍的一些引用。该表已创建,但在执行Insert语句时会发生错误。SQLite中的语法错误(插入语句)
这里的查询字符串:
writeableDatabase.execSQL("INSERT INTO " + BookSave.TABLE_NAME +
" VALUES(" + book.getTitle().toString() +
"," + book.getAuthor().toString() + ","
+ book.getPathOfCover().toString() + ");");
这里的logcat的:
near "Devices": syntax error
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: FATAL EXCEPTION: Thread-2698
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: Process: dreamnyc.myapplication, PID: 23973
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: android.database.sqlite.SQLiteException: near "Devices": syntax error (code 1): , while compiling: INSERT INTO book VALUES(Electronic Devices & Circuits,Jacob Millman & Christos C. Halkias,/storage/emulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicDevicesCircuits/OEBPS/images/leaf-image0000.jpg);
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:891)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:502)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteStatement.<init>(SQLiteStatement.java:31)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteDatabase.executeSql(SQLiteDatabase.java:1674)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at android.database.sqlite.SQLiteDatabase.execSQL(SQLiteDatabase.java:1605)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at dreamnyc.myapplication.MainActivity$2.run(MainActivity.java:189)
02-27 19:21:04.555 23973-24058/dreamnyc.myapplication E/AndroidRuntime: at java.lang.Thread.run(Thread.java:818)
为了避免SQL注入使用参数绑定。无论如何,你的查询没有字符串字面值。 'INSERT INTO book VALUES(Electronic Devices&Circuits,Jacob Millman&Christos C. Halkias,/ storage/emulated/0/Android/data/dreamnyc.myapplication/files/MillmanHalkias-ElectronicDevicesCircuits/OEBPS/images/leaf-image0000.jpg' – lad2025
我该怎么做?参数绑定是什么意思? –
** [如何在Android中使用SQlite中的预准备语句](http://stackoverflow.com/questions/433392/how-doi-i-使用准备好的语句在SQLite中在Android)** – lad2025