我有一个方法,如果检查两个文本字段是否存在,然后重新调整记录 ID。 我的方法是这样的:
int getQueryMatch(String word, String meter) {
SQLiteDatabase db = this.getReadableDatabase();
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + QUERYWORD + "= '" + word + "' AND WHERE " + DISTANCEQ + "= '"+ meter +"' " ;
Cursor cursor = db.rawQuery(selectQuery, null);
int getidd = cursor.getColumnIndex(KEY_ID) ;
Log.v("Match query ", "return? " + getidd );
if (cursor != null)
cursor.moveToFirst();
// return History
return getidd;
}
我的 table 看起来像这样:
String CREATE_HISTORYS_TABLE = "CREATE TABLE IF NOT EXISTS " + TABLE_HISTORY + "(" + KEY_ID + " INTEGER PRIMARY KEY AUTOINCREMENT," +
QUERYWORD + " TEXT," + DISTANCEQ + " TEXT" + "," + KEY_TIMESTAMP + ")";
db.execSQL(CREATE_HISTORYS_TABLE);
现在,当我像 getQueryMatch(Mystr1 , Mystr2) 一样运行该方法时;
我得到了这个错误:
10-18 22:04:04.294: E/AndroidRuntime(13736): FATAL EXCEPTION: AsyncTask #1
10-18 22:04:04.294: E/AndroidRuntime(13736): java.lang.RuntimeException: An error occured while executing doInBackground()
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.os.AsyncTask$3.done(AsyncTask.java:299)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.FutureTask$Sync.innerSetException(FutureTask.java:273)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.FutureTask.setException(FutureTask.java:124)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:307)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.lang.Thread.run(Thread.java:856)
10-18 22:04:04.294: E/AndroidRuntime(13736): Caused by: ****android.database.sqlite.SQLiteException: near "WHERE": syntax error (code 1): , while compiling: SELECT * FROM history WHERE query= 'Information Pillar' AND WHERE distance= '20'****
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:882)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:493)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:37)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:44)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1314)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.database.sqlite.SQLiteDatabase.rawQuery(SQLiteDatabase.java:1253)
10-18 22:04:04.294: E/AndroidRuntime(13736): at com.example.phooogle.DatabaseHandler.getQueryMatch(DatabaseHandler.java:149)
10-18 22:04:04.294: E/AndroidRuntime(13736): at com.example.phooogle.GoogleMapsAppActivity$InitTask.doInBackground(GoogleMapsAppActivity.java:233)
10-18 22:04:04.294: E/AndroidRuntime(13736): at com.example.phooogle.GoogleMapsAppActivity$InitTask.doInBackground(GoogleMapsAppActivity.java:1)
10-18 22:04:04.294: E/AndroidRuntime(13736): at android.os.AsyncTask$2.call(AsyncTask.java:287)
10-18 22:04:04.294: E/AndroidRuntime(13736): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
我的选择查询看起来没问题,但我不知道问题出在哪里?
最佳答案
去掉第二个WHERE
,就可以了。
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + QUERYWORD + "= '" + word + "' AND WHERE " + DISTANCEQ + "= '"+ meter +"' " ;
^^^^^
here's the error
啊,顺便说一下:您的查询建筑似乎极易受到 SQL injection 的攻击!最好解决这个问题。
关于android - 靠近 "WHERE": syntax error - SQLite,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12953206/