<分区>
我想使用准备好的语句来防止 Android SQLite 数据库上的 sql 注入(inject)。但是,当查询包含 Like
并使用 Where name = ?
时,rawquery 会崩溃
有没有办法在 Android SQLite 数据库中使用 like 和 prepared 语句?
这是查询:
sqlQuery = "SELECT * FROM " + TABLE_CALLS + " where " + CALLER_NAME + " like ? COLLATE NOCASE or " + CALLER_NBR + " like ? or " + CALLER_EXT + " like ?" + " or " + IS_OUTGOING + " like ? COLLATE NOCASE or " + TYPE + " like ? COLLATE NOCASE";
Cursor cursor = database.rawQuery(sqlQuery, new String[]{"%" + criterion + "%", "%" + criterion + "%","%" + criterion + "%","%" + criterion + "%","%" + criterion + "%"});
它给出了超出范围的绑定(bind)或列索引 谢谢。