如何从SQLite w.r.t中搜索Android中单引号和双引号的字符串？

我从安卓在str是一个字符串，按以下方式如何从SQLite w.r.t中搜索Android中单引号和双引号的字符串？

Cursor searchCusor = getCursorForSearchQuery(str);

使用光标查询SQLite的。该字符串可能包含单引号和双引号。所以，当光标尝试搜索它抛出一个异常

04-12 17:32:11.961: E/AndroidRuntime(2337): FATAL EXCEPTION: main 
04-12 17:32:11.961: E/AndroidRuntime(2337): android.database.sqlite.SQLiteException: unrecognized token: "' AND latitude != 0 AND longitude != 0 ORDER BY title ASC": , while compiling: SELECT _id, title FROM node WHERE title LIKE '%'%' AND latitude != 0 AND longitude != 0 ORDER BY title ASC 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteCompiledSql.native_compile(Native Method) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteCompiledSql.compile(SQLiteCompiledSql.java:91) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteCompiledSql.<init>(SQLiteCompiledSql.java:64) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:80) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:46) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:53) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1412) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteDatabase.queryWithFactory(SQLiteDatabase.java:1296) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteDatabase.query(SQLiteDatabase.java:1251) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.database.sqlite.SQLiteDatabase.query(SQLiteDatabase.java:1331) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.mid.kew.apies.KewDatabaseHelper.getCursorForSearchMapPage(KewDatabaseHelper.java:285) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.mid.kew.activities.MapFragment.getCursorForSearchQuery(MapFragment.java:538) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.mid.kew.activities.MapFragment.access$12(MapFragment.java:537) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.mid.kew.activities.MapFragment$6.afterTextChanged(MapFragment.java:348) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.widget.TextView.sendAfterTextChanged(TextView.java:6271) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.widget.TextView$ChangeWatcher.afterTextChanged(TextView.java:6454) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.sendTextHasChanged(SpannableStringBuilder.java:903) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.change(SpannableStringBuilder.java:359) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.change(SpannableStringBuilder.java:275) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:438) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:415) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:28) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.view.inputmethod.BaseInputConnection.replaceText(BaseInputConnection.java:583) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.view.inputmethod.BaseInputConnection.commitText(BaseInputConnection.java:174) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.android.internal.widget.EditableInputConnection.commitText(EditableInputConnection.java:120) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:247) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:73) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.os.Handler.dispatchMessage(Handler.java:99) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.os.Looper.loop(Looper.java:144) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at android.app.ActivityThread.main(ActivityThread.java:4937) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at java.lang.reflect.Method.invokeNative(Native Method) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at java.lang.reflect.Method.invoke(Method.java:521) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626) 
04-12 17:32:11.961: E/AndroidRuntime(2337):  at dalvik.system.NativeStart.main(Native Method)

我试图取代单引号如下

str.replace("'", "\' ");

但这并没有工作了，给了同样的错误

来源

2012-04-11 Nik

你没有显示你的getCursorForSearchQuery方法，但我的猜测是它只是直接在SQL中包含值。不要这样做。使用参数化的SQL查询PreparedStatement，一切都会好的。您当前的错误不仅会消失，而且还会关闭SQL注入攻击漏洞，您将处于更好的位置处理其他数据类型而无需转换问题。

来源

2012-04-11 16:42:34

嗨谢谢你的帮助...这就是myDatabase.query（“node”，new String [] {“_ id”，“title”}，“title LIKE \'％”+ stringToSearch + “％\'AND latitude！= 0 AND longitude！= 0”，null，null，null，“title ASC”）;你能举个例子说明你对我的请求。 – Nik 2012-04-12 07:57:33

@Raj：请参阅http://developer.android.com/reference/java/sql/PreparedStatement.html及相关主题。 – 2012-04-12 08:03:48

再次感谢你...我尝试了下面这一行，它的工作... myDatabase.rawQuery（“SELECT _id，标题从节点WHERE标题像？和纬度！= 0和经度！= 0 ORDER BY标题ASC”，新串[] { “％” + stringToSearch + “％”}）;这是你在你的回答 – Nik 2012-04-12 09:01:13

我以前使用下面的语句

myDatabase.query("node", new String[]{"_id","title"}, "title LIKE \'%" + stringToSearch +"%\' AND latitude != 0 AND longitude != 0" ,null, null,null, "title ASC");

这创造我所提到的

的问题，所以我修改了查询

myDb.query("node", new String[]{"_id","title"}, "title LIKE ? AND latitude != 0 AND longitude != 0" ,new String[]{"%"+stringToSearch+"%"}, null,null, "title ASC");

，现在工作的罚款。

来源

2012-04-12 09:32:41 Nik

如何从SQLite w.r.t中搜索Android中单引号和双引号的字符串？

回答

相关问题