CODEWITHSUNDEEP
javaandroidsqlite
Heinzi
Heinzi

Reputation: 172260

Can I make SQLiteDatabase complain about missing parameters?

Recently, I've had a few bugs because of code like this:

Cursor myCursor = myDb.rawQuery(
        "SELECT ... " +
        "  FROM ...complicated join... " +
        " WHERE field1 = ? AND (field2 = ? OR field3 = ?) ",
        new String[] {myField1, myField2});   // Oops, forgot about field3

When this happens, the query just silently ignores the missing parameter, causing bugs to go unnoticed. Is there some pedantic setting or anything else that I can use to make SQLite scream (at run-time) when the number of placeholders and the number of fields do not match?

I know that I could build my own wrapper, but I'm wondering if there's something built-in...

Upvotes: 4

Views: 131

Answers (1)

zapl
zapl

Reputation: 63955

Android is basically just passing the args unchecked to native sqlite, see http://www.sqlite.org/c3ref/bind_blob.html

If something is not bound it is simply considered to be bound to NULL. Binding too much should result in an error though

I don't know of / have not seen any debug option in Android's source for that kind of checks but you could probably write some code that checks your sql syntax:

SQLiteChecker mDbChecked = new SQLiteChecker(mDb);
Cursor c = mDbChecked.rawQuery("select complicated from table where stuff=?",
        new String[] {"one", "two"});

where SQLiteChecker would be something along the lines of 

/**
 * Simple Delegate for SQLiteDatabase
 */
public class SQLiteChecker {
    private final SQLiteDatabase mDbDelegate;
    public SQLiteChecker(SQLiteDatabase db) {
        mDbDelegate = db;
    }
    // ------------ Delegate methods --------------------//
    public int delete(String table, String whereClause, String[] whereArgs) {
        checkSQL(whereClause, whereArgs);
        return mDbDelegate.delete(table, whereClause, whereArgs);
    }

    public int update(String table, ContentValues values, String whereClause, String[] whereArgs) {
        checkSQL(whereClause, whereArgs);
        return mDbDelegate.update(table, values, whereClause, whereArgs);
    }

    public void execSQL(String sql, Object[] bindArgs) throws SQLException {
        checkSQL(sql, bindArgs);
        mDbDelegate.execSQL(sql, bindArgs);
    }

    public Cursor rawQuery(String sql, String[] selectionArgs) {
        checkSQL(sql, selectionArgs);
        return mDbDelegate.rawQuery(sql, selectionArgs);
    }

    // add more if you need

    // -------------- checking logic -------------------//
    private static void checkSQL(String query, Object[] args) {
        // bit unreliable but simple:
        // just check if amount of ? matches args.length
        int expected = countChar(query, '?');
        int actual = args != null ? args.length : 0;
        if (expected != actual) {
            Log.e("CHECK", "You seem to have messed up [" + query + "]");
            Log.e("CHECK", "expected:" + expected + " actual:" + actual);
        }
    }

    private static int countChar(String string, char ch) {
        if (string == null) return 0;
        int count = 0;
        for (int i = 0; i < string.length(); i++) {
            if (string.charAt(i) == ch)
                count++;
        }
        return count;
    }
}

Upvotes: 1

Related Questions